@@ -82,7 +82,7 @@
static int Interrupted = 0;
-static bool SetUser(const char *UserName)
+static bool SetUser(const char *UserName, bool InsecureDumps)
{
if (UserName) {
struct passwd *user = getpwnam(UserName);
@@ -102,9 +102,11 @@
fprintf(stderr, "vdr: cannot set user id %u: %s\n", (unsigned int)user->pw_uid, strerror(errno));
return false;
}
- if (prctl(PR_SET_DUMPABLE, 2, 0, 0, 0) < 0) {
- fprintf(stderr, "vdr: warning - cannot set dumpable: %s\n", strerror(errno));
- // always non-fatal, and will not work with kernel < 2.6.13
+ if (InsecureDumps) {
+ if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) {
+ fprintf(stderr, "vdr: warning - cannot set dumpable: %s\n", strerror(errno));
+ // non-fatal
+ }
}
}
return true;
@@ -173,6 +175,7 @@
#define DEFAULTEPGDATAFILENAME "epg.data"
bool StartedAsRoot = false;
+ bool InsecureDumps = false;
const char *VdrUser = NULL;
int SVDRPport = DEFAULTSVDRPPORT;
const char *AudioCommand = NULL;
@@ -216,6 +219,7 @@
{ "epgfile", required_argument, NULL, 'E' },
{ "grab", required_argument, NULL, 'g' },
{ "help", no_argument, NULL, 'h' },
+ { "insecure", no_argument, NULL, 'I' },
{ "lib", required_argument, NULL, 'L' },
{ "lirc", optional_argument, NULL, 'l' | 0x100 },
{ "log", required_argument, NULL, 'l' },
@@ -236,7 +240,7 @@
};
int c;
- while ((c = getopt_long(argc, argv, "a:c:dD:E:g:hl:L:mp:P:r:s:t:u:v:Vw:", long_options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "a:c:dD:E:g:hIl:L:mp:P:r:s:t:u:v:Vw:", long_options, NULL)) != -1) {
switch (c) {
case 'a': AudioCommand = optarg;
break;
@@ -259,6 +263,8 @@
break;
case 'h': DisplayHelp = true;
break;
+ case 'I': InsecureDumps = true;
+ break;
case 'l': {
char *p = strchr(optarg, '.');
if (p)
@@ -354,7 +360,7 @@
if (strcmp(VdrUser, "root")) {
if (!SetKeepCaps(true))
return 2;
- if (!SetUser(VdrUser))
+ if (!SetUser(VdrUser, InsecureDumps))
return 2;
if (!SetKeepCaps(false))
return 2;
@@ -388,6 +394,9 @@
" existing directory, without any \"..\", double '/'\n"
" or symlinks (default: none, same as -g-)\n"
" -h, --help print this help and exit\n"
+ " -I, --insecure enable core dumps when run as non-root using the -u\n"
+ " option (insecure, be sure you know what you're doing\n"
+ " before using this option!)\n"
" -l LEVEL, --log=LEVEL set log level (default: 3)\n"
" 0 = no logging, 1 = errors only,\n"
" 2 = errors and info, 3 = errors, info and debug\n"