From patchwork Sat Jul 15 13:27:57 2006
X-Patchwork-Submitter: Hans-Werner Hilse
X-Patchwork-Id: 12358
Date: Sat, 15 Jul 2006 15:27:57 +0200
From: Hans-Werner Hilse
To: vdr@linuxtv.org
Subject: Re: [vdr] warning - cannot set dumpable: Invalid argument
Message-Id: <20060715152757.7fa195bb.hilse@web.de>

Hi,

On Fri, 14 Jul 2006 23:15:38 +0300 Ville Skyttä wrote:

> I'm not disputing this fix per se, but it is highly unfortunate, as
> VDR crashes are often hard to reproduce. Running as root is not
> acceptable in many setups, and even temporarily switching between
> root and the normal dedicated user results in annoyances such as file
> ownership issues in addition to the uncertainty whether the crash
> condition can be reproduced in the first place. Being able to run as
> non-root and have "secure" core dumps (which actually turned out to
> be not that secure) enabled and subject to ulimit -c just as usual
> was convenient.
>
> Would it be out of the question to add a command line option like
> --enable-insecure-core-dumps which when set and when run as non-root,
> would result in PR_SET_DUMPABLE=1, and otherwise no prctl() at all?
> This would get rid of some of the above difficulties.

I agree. Since these conditions can only arise when the process itself
has been started as root, it should be root's decision, too. An updated
patch is attached.
It will probably need a bit of discussion if the command switch I've introduced is properly named (userdump), if the description fits and if the modus operandi is acceptable. -hwh --- vdr-1.4.1.O/vdr.c 2006-06-04 11:04:47.000000000 +0200 +++ vdr-1.4.1/vdr.c 2006-07-15 15:22:48.354000016 +0200 @@ -82,7 +82,7 @@ static int Interrupted = 0; -static bool SetUser(const char *UserName) +static bool SetUser(const char *UserName, const bool UserDump) { if (UserName) { struct passwd *user = getpwnam(UserName); @@ -102,9 +102,8 @@ fprintf(stderr, "vdr: cannot set user id %u: %s\n", (unsigned int)user->pw_uid, strerror(errno)); return false; } - if (prctl(PR_SET_DUMPABLE, 2, 0, 0, 0) < 0) { + if (UserDump && prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) { fprintf(stderr, "vdr: warning - cannot set dumpable: %s\n", strerror(errno)); - // always non-fatal, and will not work with kernel < 2.6.13 } } return true; @@ -174,6 +173,7 @@ bool StartedAsRoot = false; const char *VdrUser = NULL; + bool UserDump = false; int SVDRPport = DEFAULTSVDRPPORT; const char *AudioCommand = NULL; const char *ConfigDirectory = NULL; @@ -228,6 +228,7 @@ { "shutdown", required_argument, NULL, 's' }, { "terminal", required_argument, NULL, 't' }, { "user", required_argument, NULL, 'u' }, + { "userdump", no_argument, NULL, 'u' | 0x100 }, { "version", no_argument, NULL, 'V' }, { "vfat", no_argument, NULL, 'v' | 0x100 }, { "video", required_argument, NULL, 'v' }, @@ -325,6 +326,9 @@ case 'u': if (*optarg) VdrUser = optarg; break; + case 'u' | 0x100: + UserDump = true; + break; case 'V': DisplayVersion = true; break; case 'v' | 0x100: @@ -354,7 +358,7 @@ if (strcmp(VdrUser, "root")) { if (!SetKeepCaps(true)) return 2; - if (!SetUser(VdrUser)) + if (!SetUser(VdrUser,UserDump)) return 2; if (!SetKeepCaps(false)) return 2; 
@@ -408,6 +412,7 @@ " -t TTY, --terminal=TTY controlling tty\n" " -u USER, --user=USER run as user USER; only applicable if started as\n" " root\n" + " --userdump allow coredumps when -u is given (debugging)\n" " -v DIR, --video=DIR use DIR as video directory (default: %s)\n" " -V, --version print version information and exit\n" " --vfat encode special characters in recording names to\n"
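
Review bot: In the @@ -102,9 +102,8 @@ hunk of SetUser(), the prctl() call is left without any comment once the old one is deleted, and nothing in the code records why the argument changed from 2 to 1. Suggest a replacement comment stating that the dumpable flag is only set when --userdump was given, that 1 is chosen deliberately over 2, and that a failure stays non-fatal, since the function still reaches "return true" after printing the warning.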
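
Review bot: In the @@ -354,7 +358,7 @@ hunk, the call SetUser(VdrUser,UserDump) is the only place the patch reads UserDump, and it sits inside the strcmp(VdrUser, "root") branch, so --userdump is silently ignored whenever that branch is not taken (for example with -u root). Suggest printing a warning to stderr when UserDump is set but SetUser() is never called, so an admin who expects core files learns at startup that none will be written. Style: add a space after the comma, SetUser(VdrUser, UserDump), to match the rest of the file.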
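
Review bot: In the @@ -408,6 +412,7 @@ hunk, the help text "allow coredumps when -u is given (debugging)" and the option name userdump in the @@ -228,6 +228,7 @@ hunk do not tell the admin that this is a security trade-off, which the name proposed in the quoted mail (--enable-insecure-core-dumps) made explicit. Suggest either a name that carries the warning or a help line that says the dumps are ordinary ones (PR_SET_DUMPABLE 1) and are meant for debugging only. Minor: "coredumps" should read "core dumps".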