Hi,

On Sat, 15 Jul 2006 17:04:06 +0200 Klaus Schmidinger <Klaus.Schmidinger@xxxxxxxxxx> wrote:

> (Part of?) the according patch is this:
>
> http://www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Fpatch-2.6.17.4.bz2;z=17
>
> Is this the final "fix" or just a quick hack to provide an
> immediate workaround? IMHO the actual problem should be fixed
> instead of removing a parameter option.

Correct. I don't think that anyone has made any decision in this case yet.
I think a full revert of this feature would basically be a revert of this:

http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d6e711448137ca3301512cec41a2c2ce852b3d0a

I'm not convinced that it would be a good idea to restore the functionality
of making core dumps when running as a non-privileged user.
A possibility would be to force core dumps into a preconfigured directory,
changeable via a /proc entry.

> Besides, I don't like the introduction of an extra VDR command line
> option for this. I suggest we either wait until there is a real
> fix in the kernel or, if no such fix comes and the '2' parameter
> to prctl() is actually voided, we go back to '1' and let the user
> control whether there should be a core dump via 'ulimit'.

I can't find that scenario very attractive, but that's probably just me.
I don't see any good explanation of why on the one hand allow to drop
privileges and on the other hand open that restriction by making the ability
of doing core dumps the default setting.

But I can certainly live with that, it's just a few lines in the code and a
patch would be easy to maintain. And, after all, users who care for security
can just start vdr as a non-root user.

-hwh
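
The option discussed in the thread (set the dumpable flag back to '1' after dropping privileges and leave the decision to 'ulimit'), as an added example that is not part of this mail or of VDR's code. The function names are hypothetical; it assumes Linux with a kernel that, like the patch linked above, no longer accepts the value 2.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Ask the kernel whether it accepts a PR_SET_DUMPABLE value, then restore
 * the previous flag. Returns 1 if accepted, 0 if rejected (EINVAL). */
int dumpable_value_accepted(int value)
{
    int saved = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    int rc = prctl(PR_SET_DUMPABLE, value, 0, 0, 0);
    if (saved >= 0)
        prctl(PR_SET_DUMPABLE, saved, 0, 0, 0);
    return rc == 0;
}

/* What a daemon would call after setuid() to an unprivileged user has
 * cleared the dumpable flag: mark the process dumpable again (value 1). */
int allow_core_dumps(void)
{
    return prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
}

/* Emulate `ulimit -c n`: set the soft RLIMIT_CORE, capped at the hard limit. */
int set_core_soft_limit(rlim_t n)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    rl.rlim_cur = (n > rl.rlim_max) ? rl.rlim_max : n;
    return setrlimit(RLIMIT_CORE, &rl);
}

/* 1 if both necessary conditions for a core file hold: dumpable flag is 1
 * and the soft core limit is non-zero. 0 otherwise, -1 on error. */
int core_dump_permitted(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && rl.rlim_cur > 0;
}

int main(void)
{
    printf("value 2 accepted by this kernel: %d\n", dumpable_value_accepted(2));
    allow_core_dumps();
    printf("core dump permitted (flag=1, current ulimit): %d\n", core_dump_permitted());
    set_core_soft_limit(0);  /* same effect as `ulimit -c 0` */
    printf("core dump permitted after ulimit -c 0: %d\n", core_dump_permitted());
    return 0;
}
```

With the flag at 1 the core file is written with the unprivileged user's credentials, so the soft core limit is the only remaining switch, which is the trade-off the reply above objects to.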