On Sun, 2006-01-08 at 15:29 +0100, Klaus Schmidinger wrote: > Ville Skytt? wrote: > > FYI: I had played with Ludwig Nussel's "su" patch in the past, and > > noticed that the setuid() stuff prevents VDR from dumping core in case > > of crashes. I haven't really tested it yet, but from skimming the code > > it looks like the -u implementation included in 1.3.38 might have the > > same feature too. Of course, no core dumps on crashes makes debugging > > problems a lot harder :( > > > > Doing something like prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) after setuid() > > and setgid() should fix it, but there may be security implications to > > consider (whose implications in case of VDR are probably pretty small, > > but there's a reason why setuid/setgid things don't dump core by > > default...). In kernels >= 2.6.13, "2" instead of "1" in the above > > would be available too, which would be quite a bit better. > > > > Of course, the simplest "fix" for 1.3.38 would be to not even start it > > as root; no setuid/setgid -> no (new) problems getting core dumps. > > > > More info: PR_SET_DUMPABLE in "man prctl", and > > http://lwn.net/Articles/104341/ (I'm not sure if that has been applied; > > mabe it has in >= 2.6.13). > > > > Apologies beforehand if the above doesn't apply to VDR 1.3.38; as said, > > I haven't actually tested it but thought I'd report it while I remember. > > I'm not going to dig into this myself, so if anybody would like > to propose a patch, please send it. See attachment. Still completely untested as it'll take some time until I can get a working 1.3.38 set up, but based on experience from my earlier experiments I think it should be pretty much ok. -------------- next part -------------- A non-text attachment was scrubbed... Name: vdr-1.3.38-dumpable.patch Type: text/x-patch Size: 504 bytes Desc: not available Url : http://www.linuxtv.org/pipermail/vdr/attachments/20060108/a6289c6a/vdr-1.3.38-dumpable.bin
