-u in 1.3.38 -> no core dumps?

Ville Skyttä wrote:
> FYI: I had played with Ludwig Nussel's "su" patch in the past, and
> noticed that the setuid() stuff prevents VDR from dumping core in case
> of crashes.  I haven't really tested it yet, but from skimming the code
> it looks like the -u implementation included in 1.3.38 might have the
> same feature too.  Of course, no core dumps on crashes makes debugging
> problems a lot harder :(
> 
> Doing something like prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) after setuid()
> and setgid() should fix it, but there may be security implications to
> consider (whose implications in case of VDR are probably pretty small,
> but there's a reason why setuid/setgid things don't dump core by
> default...).  In kernels >= 2.6.13, "2" instead of "1" in the above
> would be available too, which would be quite a bit better.
> 
> Of course, the simplest "fix" for 1.3.38 would be to not even start it
> as root; no setuid/setgid -> no (new) problems getting core dumps.
> 
> More info: PR_SET_DUMPABLE in "man prctl", and
> http://lwn.net/Articles/104341/ (I'm not sure if that has been applied;
> maybe it has in >= 2.6.13).
> 
> Apologies beforehand if the above doesn't apply to VDR 1.3.38; as said,
> I haven't actually tested it but thought I'd report it while I remember.

I'm not going to dig into this myself, so if anybody would like
to propose a patch, please send it.

Klaus
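
The approach suggested in the quoted message, as an added example (not from this thread and not VDR's code): drop from root with setgid()/setuid(), confirm the drop cannot be undone, then set the dumpable flag back with prctl(). The function names and the account passed on the command line are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Current dumpable flag: 0 = no core dumps, 1 = core dumps allowed. */
int dumpable_state(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Drop to uid/gid, then re-enable core dumps. Returns 0 on success, -1 on error. */
int drop_privileges_keep_dumpable(uid_t uid, gid_t gid)
{
    /* Clear root's supplementary groups only when really leaving root. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group first: after setuid() the process may no longer change its gid. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The drop must be permanent: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    /* The kernel resets the flag when the ids change (to fs.suid_dumpable,
     * 0 by default); set it back to 1. Per prctl(2), the value 2 was only
     * accepted here in kernels 2.6.13 to 2.6.17. */
    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* argv[1]: account to run as (hypothetical, e.g. a dedicated "vdr" user). */
    struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : getpwuid(getuid());
    if (pw == NULL) {
        fprintf(stderr, "unknown user\n");
        return 1;
    }
    if (drop_privileges_keep_dumpable(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges_keep_dumpable");
        return 1;
    }
    printf("uid=%d gid=%d dumpable=%d\n", (int)getuid(), (int)getgid(), dumpable_state());
    return 0;
}
```

A core file is still only written when RLIMIT_CORE is non-zero. A core written after this call can contain whatever the process read while it was still root, which is why the kernel turns dumps off after an id change.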

