[Devel] openser core dump functionality
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Mon Feb 19 18:48:53 CET 2007
Henning,
I uploaded the patach on CVS. I guess it was a bit redundant as prctl()
was called in do_suid() and after it also.
I extended the patch a bit to use prctl() only for linux and to trigger
it also during daemonizing (because of setsid() ).
As you suggested, this functionality may be controlled via
disable_core_dump core parameter.
Please test the new version and let me know if it works as good as the
original one ;).
Thanks and regards,
bogdan
Bogdan-Andrei Iancu wrote:
> Hi Henning,
>
> according to man page, prctl is linux specific (or at least is not
> something portable); on the other hands, also according to man,
> disabling the coredump after setuid is also something linux specific :)
>
> so, all this code should be compiled only for linux OS ....I will take
> care of this.
>
> Thanks and regards,
> Bogdan
>
> Henning Westerholt wrote:
>> Am Montag, 19. Februar 2007 16:33 schrieben Sie:
>>
>>> Hi Henning,
>>>
>>> suuuuree.....I personally had some hard times when I wasn't getting the
>>> core after a crash...
>>>
>>
>> Ok, great! :-)
>>
>> Here's the patch (against cvs)..
>>
>> It includes the prctl.h header and uses the PR_SET_DUMPABLE syscall.
>> This patch has been some time in production for 0.9.5, but i can not
>> imagine why this should not work for 1.2.
>> Perhaps it is sensible to disable this by default for security reasons?
>>
>> Regards,
>>
>> Henning
>>
>> ------------------------------------------------------------------------
>>
>> diff -U 3 -dHrN sip-server/daemonize.c openser-cvs/daemonize.c
>> --- sip-server/daemonize.c 2005-06-13 18:47:26.000000000 +0200
>> +++ openser-cvs/daemonize.c 2007-02-19 17:16:38.000000000 +0100
>> @@ -49,6 +49,8 @@
>> #include <sys/resource.h> /* setrlimit */
>> #include <unistd.h>
>>
>> +#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
>> +
>> #include "daemonize.h"
>> #include "globals.h"
>> #include "dprint.h"
>> @@ -217,6 +219,12 @@
>> goto error;
>> }
>> }
>> +
>> + // setuid disables core dumping, reenable it
>> + if (prctl(PR_SET_DUMPABLE, 1)) {
>> + LOG(L_ERR, "Cannot enable core dumping after setuid\n");
>> + }
>> +
>> return 0;
>> error:
>> return -1;
>> diff -U 3 -dHrN sip-server/main.c openser-cvs/main.c
>> --- sip-server/main.c 2007-02-14 08:23:16.000000000 +0100
>> +++ openser-cvs/main.c 2007-02-19 17:13:33.000000000 +0100
>> @@ -83,6 +83,7 @@
>> #include <pwd.h>
>> #include <grp.h>
>> #include <signal.h>
>> +#include <sys/prctl.h> /* setuid disables core dumping, reenable it */
>> #include <time.h>
>>
>> #include <sys/ioctl.h>
>> @@ -675,11 +676,17 @@
>> LOG(L_ERR, "Error while creating unix domain sockets\n");
>> goto error;
>> }
>> +
>> if (do_suid()==-1) goto error; /* try to drop privileges */
>> /* process_no now initialized to zero -- increase from now on
>> as new processes are forked (while skipping 0 reserved
>> for main */
>>
>> + // setuid disables core dumping, reenable it
>> + if (prctl(PR_SET_DUMPABLE, 1)) {
>> + LOG(L_ERR, "Cannot enable core dumping after setuid\n");
>> + }
>> +
>> /* we need another process to act as the timer*/
>> #ifdef USE_TCP
>> /* if we are using tcp we always need a timer process,
>> @@ -800,6 +807,11 @@
>> * so we open all first*/
>> if (do_suid()==-1) goto error; /* try to drop privileges */
>>
>> + // setuid disables core dumping, reenable it
>> + if (prctl(PR_SET_DUMPABLE, 1)) {
>> + LOG(L_ERR, "Cannot enable core dumping after
>> setuid\n");
>> + }
>> +
>> /* Spawn children listening on unix domain socket if and
>> only if
>> * the unix domain socket server has not been disabled (i ==
>> 0) */
>> if (init_unixsock_children()<0) {
>>
>
>
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel
>
More information about the Devel
mailing list