[vdr] creating core dumps with 1.3.42

Klaus Schmidinger Klaus.Schmidinger at cadsoft.de
Sun Feb 19 15:35:03 CET 2006


Ville Skyttä wrote:
> On Thu, 2006-02-16 at 20:01 +0100, leo2 at pec.homeip.net wrote:
> 
>>The current function to activate core-dumps for vdr running setuid is only 
>>working for kernel > 2.6.13 ( says the comment in vdr.c ).
>>Actually it is not working for 2.4.21 but it was an easy change, just 
>>replace
>>	prctl(PR_SET_DUMPABLE, 2, 0, 0, 0)
>>with 
>>	prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)
>>
>>If you need the switch with "2" ( what does "2" mean for >2.6.13 ??)
> 
> 
> It's "2" intentionally.  "1" is a "no security" mode, "2" makes the core
> dumps readable by root only and applies additional checks.  Like the
> comment says, "2" is available in kernels >= 2.6.13 only.  For more
> info, see eg. the suid_dumpable description here:
> http://marc.theaimsgroup.com/?l=linux-kernel&m=109647550421014&w=2
> 
> Yes, the net effect is that the unmodified VDR 1.3.42 won't produce core
> dumps at all when not running as root with < 2.6.13 kernels, but IMO
> that's a reasonable tradeoff, at least as far as the default is
> concerned.

So does this mean that '1' would work on older kernels?

Would it be feasible to use just '1' - after all, there's not
much security about a VDR core file. Furthermore, it allows
the normal user to immediately fire up the debugger with the
core file, without having to first 'chown' the file (had this
once, found it annoying).

So, if there are no complaints, I tend to make this line

   if (prctl(PR_SET_DUMPABLE, 2, 0, 0, 0) < 0) {

as suggested by the OP (who should send me a PM with his real
name and email address if he wants to be mentioned in VDR/CONTRIBUTORS).

Klaus
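
Added example, not part of the original message or of VDR's source: a sketch of the trade-off discussed in this thread, where the caller states explicitly whether the weaker mode "1" is acceptable when the kernel rejects "2", and reads the resulting flag back with PR_GET_DUMPABLE. The helper names `request_dumpable` and `core_limit_nonzero` are hypothetical, and a Linux system is assumed.

```c
/* Added illustration; request_dumpable() and core_limit_nonzero() are
 * hypothetical helper names, not functions from vdr.c. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Ask for dumpable mode `preferred` (per the thread: 1 = "no security"
 * mode, 2 = core readable by root only). If the kernel rejects mode 2 with
 * EINVAL and the caller accepts the weaker mode, retry with 1.
 * Returns the mode actually in effect, read back with PR_GET_DUMPABLE.
 * Call this after the uid switch: changing the effective uid resets the flag. */
int request_dumpable(int preferred, int allow_mode1_fallback)
{
    if (prctl(PR_SET_DUMPABLE, (unsigned long)preferred, 0UL, 0UL, 0UL) < 0 &&
        errno == EINVAL && preferred == 2 && allow_mode1_fallback)
        prctl(PR_SET_DUMPABLE, 1UL, 0UL, 0UL, 0UL);
    return prctl(PR_GET_DUMPABLE, 0UL, 0UL, 0UL, 0UL);
}

/* A dumpable process still writes no core file while RLIMIT_CORE is 0. */
int core_limit_nonzero(void)
{
    struct rlimit rl;
    return getrlimit(RLIMIT_CORE, &rl) == 0 && rl.rlim_cur != 0;
}

int main(void)
{
    /* Flag is left unchanged if the kernel rejects mode 2. */
    int strict = request_dumpable(2, 0);
    /* Falls back to user-readable cores if mode 2 is rejected. */
    int relaxed = request_dumpable(2, 1);
    printf("mode 2 only: %d, with fallback: %d, core limit nonzero: %d\n",
           strict, relaxed, core_limit_nonzero());
    return 0;
}
```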



