Hans-Werner Hilse wrote:
Hi,
On Sat, 15 Jul 2006 17:04:06 +0200 Klaus Schmidinger Klaus.Schmidinger@cadsoft.de wrote:
(Part of?) the according patch is this: http://www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%...
Is this the final "fix" or just a quick hack to provide an immediate workaround? IMHO the actual problem should be fixed instead of removing a parameter option.
Correct. I don't think that anyone has made any decision in this case yet. I think a full revert of this feature would basically be a revert of this:
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=...
I'm not convinced that it would be a good idea to restore the functionality of making core dumps when running as a non-priviledged user. A possibility would be to force core dumps into a preconfigured directory, changeable via a /proc entry.
Besides, I don't like the introduction of an extra VDR command line option for this. I suggest we either wait until there is a real fix in the kernel or, if no such fix comes and the '2' parameter to prctl() is actually voided, we go back to '1' and let the user control whether there should be a core dump via 'ulimit'.
I can't find that scenario very attractive, but that's probably just me. I don't see any good explanation of why on the one hand allow to drop privileges and on the other hand open that restriction by making the ability of doing core dumps the default setting. But I can certainly live with that, it's just a few lines in the code and a patch would be easy to maintain. And, after all, users who care for security can just start vdr as a non-root user.
I guess I'll leave everything in VDR as it is right now, and will see whether the kernel hackers implement an actual fix (not just a feature-drop) some day.
Klaus