On Mon, 2006-07-10 at 21:00 +0200, Hans-Werner Hilse wrote:
> That would be getting rid of dump file "handling" at all, I think,
> since PR_SET_DUMPABLE=1 is probably _not_ wanted since it reintroduces
> the problems why =2 was made before. So basically this means: No core
> dumps when s{u,g}id'ing.
I'm not disputing this fix per se, but it is highly unfortunate, as VDR
crashes are often hard to reproduce. Running as root is not acceptable
in many setups, and even temporarily switching between root and the
normal dedicated user results in annoyances such as file ownership
issues in addition to the uncertainty whether the crash condition can be
reproduced in the first place. Being able to run as non-root and have
"secure" core dumps (which actually turned out to be not that secure)
enabled and subject to ulimit -c just as usual was convenient.
Would it be out of the question to add a command line option like
--enable-insecure-core-dumps which when set and when run as non-root,
would result in PR_SET_DUMPABLE=1, and otherwise no prctl() at all?
This would get rid of some of the above difficulties.
