diff options
| author | Nick Mathewson <nickm@torproject.org> | 2009-02-09 15:20:17 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2009-02-09 15:20:17 +0000 |
| commit | f99098cca406369aeff149bd5e70662de934ec08 (patch) | |
| tree | 66f8afee80134ab251508953e952256eedced225 | |
| parent | f95ab837929d0b70ecc87e052f58a2038408c54b (diff) | |
| download | tor-f99098cca406369aeff149bd5e70662de934ec08.tar.gz tor-f99098cca406369aeff149bd5e70662de934ec08.zip | |
Use prctl to reenable core dumps when we have setuid to a non-root user.
svn:r18449
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | configure.in | 4 | ||||
| -rw-r--r-- | src/common/compat.c | 16 |
3 files changed, 21 insertions, 2 deletions
@@ -1,4 +1,7 @@ Changes in version 0.2.1.13-????? - 2009-0?-?? + o Minor features: + - On Linux, use the prctl call to re-enable core dumps when the user + is option is set. Changes in version 0.2.1.12-alpha - 2009-02-08 diff --git a/configure.in b/configure.in index 22a47b9068..8610c3a524 100644 --- a/configure.in +++ b/configure.in @@ -196,7 +196,7 @@ dnl ------------------------------------------------------------------- dnl Check for functions before libevent, since libevent-1.2 apparently dnl exports strlcpy without defining it in a header. -AC_CHECK_FUNCS(gettimeofday ftime socketpair uname inet_aton strptime getrlimit strlcat strlcpy strtoull getaddrinfo localtime_r gmtime_r memmem strtok_r writev readv flock) +AC_CHECK_FUNCS(gettimeofday ftime socketpair uname inet_aton strptime getrlimit strlcat strlcpy strtoull getaddrinfo localtime_r gmtime_r memmem strtok_r writev readv flock prctl) using_custom_malloc=no if test x$enable_openbsd_malloc = xyes ; then @@ -328,7 +328,7 @@ AC_CHECK_HEADERS(netdb.h sys/ioctl.h sys/socket.h arpa/inet.h netinet/in.h pwd.h dnl These headers are not essential -AC_CHECK_HEADERS(stdint.h sys/types.h inttypes.h sys/param.h sys/wait.h limits.h sys/limits.h netinet/in.h arpa/inet.h machine/limits.h syslog.h sys/time.h sys/resource.h inttypes.h utime.h sys/utime.h sys/mman.h netinet/in6.h malloc.h sys/syslimits.h malloc/malloc.h linux/types.h sys/file.h malloc_np.h) +AC_CHECK_HEADERS(stdint.h sys/types.h inttypes.h sys/param.h sys/wait.h limits.h sys/limits.h netinet/in.h arpa/inet.h machine/limits.h syslog.h sys/time.h sys/resource.h inttypes.h utime.h sys/utime.h sys/mman.h netinet/in6.h malloc.h sys/syslimits.h malloc/malloc.h linux/types.h sys/file.h malloc_np.h sys/prctl.h) TOR_CHECK_PROTOTYPE(malloc_good_size, HAVE_MALLOC_GOOD_SIZE_PROTOTYPE, [#ifdef HAVE_MALLOC_H diff --git a/src/common/compat.c b/src/common/compat.c index fa6967289d..23efe0b656 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -83,6 +83,10 @@ #ifdef HAVE_SYS_FILE_H #include <sys/file.h> #endif +#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__) +/* Only use the linux prctl; the IRIX prctl is totally different */ +#include <sys/prctl.h> +#endif #include "log.h" #include "util.h" @@ -1223,6 +1227,18 @@ switch_id(const char *user) } have_already_switched_id = 1; /* mark success so we never try again */ + +#if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL) +#ifdef PR_SET_DUMPABLE + if (pw->pw_uid) { + /* Re-enable core dumps if we're not running as root. */ + log_info(LD_CONFIG, "Re-enabling coredumps"); + if (prctl(PR_SET_DUMPABLE, 1)) { + log_warn(LD_CONFIG, "Unable to re-enable coredumps: %s",strerror(errno)); + } + } +#endif +#endif return 0; #else |