Hans-Werner Hilse wrote: > Hi, > > On Sat, 15 Jul 2006 17:04:06 +0200 Klaus Schmidinger > <Klaus.Schmidinger@xxxxxxxxxx> wrote: > >>> (Part of?) the according patch is this: >>> http://www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Fpatch-2.6.17.4.bz2;z=17 >> Is this the final "fix" or just a quick hack to provide an >> immediate workaround? IMHO the actual problem should be fixed >> instead of removing a parameter option. > > Correct. I don't think that anyone has made any decision in this case > yet. I think a full revert of this feature would basically be a revert > of this: > > http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d6e711448137ca3301512cec41a2c2ce852b3d0a > > I'm not convinced that it would be a good idea to restore the > functionality of making core dumps when running as a non-priviledged > user. A possibility would be to force core dumps into a preconfigured > directory, changeable via a /proc entry. > >> Besides, I don't like the introduction of an extra VDR command line >> option for this. I suggest we either wait until there is a real >> fix in the kernel or, if no such fix comes and the '2' parameter >> to prctl() is actually voided, we go back to '1' and let the user >> control whether there should be a core dump via 'ulimit'. > > I can't find that scenario very attractive, but that's probably just > me. I don't see any good explanation of why on the one hand allow to > drop privileges and on the other hand open that restriction by making > the ability of doing core dumps the default setting. But I can > certainly live with that, it's just a few lines in the code and a patch > would be easy to maintain. And, after all, users who care for security > can just start vdr as a non-root user. I guess I'll leave everything in VDR as it is right now, and will see whether the kernel hackers implement an actual fix (not just a feature-drop) some day. Klaus
