Ville Skyttä wrote:
> On Thu, 2006-02-16 at 20:01 +0100, leo2@xxxxxxxxxxxxxx wrote:
>
>>The current function to activate core-dumps for vdr running setuid is only
>>working for kernel > 2.6.13 ( says the comment in vdr.c ).
>>Actually it is not working for 2.4.21 but it was an easy change, just
>>replace
>>  prctl(PR_SET_DUMPABLE, 2, 0, 0, 0)
>>with
>>  prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)
>>
>>If you need the switch with "2" ( what does "2" mean for >2.6.13 ??)
>
>
> It's "2" intentionally. "1" is a "no security" mode, "2" makes the core
> dumps readable by root only and applies additional checks. Like the
> comment says, "2" is available in kernels >= 2.6.13 only. For more
> info, see e.g. the suid_dumpable description here:
> http://marc.theaimsgroup.com/?l=linux-kernel&m=109647550421014&w=2
>
> Yes, the net effect is that the unmodified VDR 1.3.42 won't produce core
> dumps at all when not running as root with < 2.6.13 kernels, but IMO
> that's a reasonable tradeoff, at least as far as the default is
> concerned.

So does this mean that '1' would work on older kernels?
Would it be feasible to use just '1' - after all, there's not much
security about a VDR core file. Furthermore, it allows the normal
user to immediately fire up the debugger with the core file, without
having to first 'chown' the file (had this once, found it annoying).

So, if there are no complaints, I tend to make this line

  if (prctl(PR_SET_DUMPABLE, 2, 0, 0, 0) < 0) {

as suggested by the OP (who should send me a PM with his real name and
email address if he wants to be mentioned in VDR/CONTRIBUTORS).

Klaus
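
The choice discussed in this thread can also be made at run time. The following is an added example, not part of the original messages and not VDR's code: it requests the root-only mode "2" first, falls back to "1" when the kernel rejects it with EINVAL, and reads the resulting state back with PR_GET_DUMPABLE. The helper names `set_dumpable_with_fallback` and `enable_core_dumps` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Hypothetical helper (not from vdr.c): try each dumpable mode in order of
 * preference. Returns the mode the kernel reports afterwards via
 * PR_GET_DUMPABLE, or -1 with errno set if no mode was accepted. */
static int set_dumpable_with_fallback(const int *modes, int count)
{
    for (int i = 0; i < count; i++) {
        if (prctl(PR_SET_DUMPABLE, modes[i], 0, 0, 0) == 0)
            return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        if (errno != EINVAL)
            return -1;          /* unexpected failure: do not mask it */
        /* EINVAL: this kernel does not accept the mode, try the next one */
    }
    errno = EINVAL;
    return -1;
}

/* Prefer "2" (core readable by root only, kernels that support it), then
 * "1" (core owned by and readable to the user the process runs as).
 * Call this after the setuid()/setgid() privilege drop, because a
 * credential change resets the dumpable flag. */
static int enable_core_dumps(void)
{
    static const int preferred[] = { 2, 1 };
    return set_dumpable_with_fallback(preferred, 2);
}

int main(void)
{
    int mode = enable_core_dumps();
    if (mode < 0) {
        fprintf(stderr, "PR_SET_DUMPABLE failed: %s\n", strerror(errno));
        return 1;
    }
    /* Report which mode is in effect so the operator knows who can read
     * a resulting core file. */
    printf("dumpable mode in effect: %d\n", mode);
    return 0;
}
```

Whether a core file is actually written still depends on the core size limit (`ulimit -c`) and on write access to the working directory.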