It's definitely a problem with calling setuid() and then not re-invoking
PR_SET_DUMPABLE. I think it must have been broken for a long time as the
version before using POSIX capabilities didn't call setuid until after invoking
PR_SET_DUMPABLE. I put some extra debugging output in and verified tha
Btw, we have a Conflunce wiki page with some of this info already. Please
update that page with the missing info from this thread.
Cheers,
-- Leif
On Aug 27, 2011, at 10:42 AM, Rayson Ho wrote:
> Hi Alan,
>
> I could only find 3 places that reset the flag to PR_SET_DUMPABLE... I
> was wonder
Hi Alan,
I could only find 3 places that reset the flag to PR_SET_DUMPABLE... I
was wondering if the control flows into mgmt/LocalManager.cc
(removeRootPriv(), restoreRootPriv()... as main() calls
listenForProxy() after calling setup_coredump()) and other places
that calls seteuid but without res
Saturday, August 27, 2011, 10:01:19 AM, you wrote:
> There's also the setuid(2)/seteuid(2)/setguid(2)/seteguid(2) issue on
> Linux (the kernel does not dump core setXid programs).
I saw that but thought it meant only setuid at the file system level. However,
ATS uses
prctl(PR_SET_DUMPABLE, 1, 0
There's also the setuid(2)/seteuid(2)/setguid(2)/seteguid(2) issue on
Linux (the kernel does not dump core setXid programs).
There are a few places that trafficserver calls those system calls
(eg. in runAsUser()).
There are 2 ways of working around this:
1) In Sun Grid Engine (now the commercial
On 08/26/2011 11:32 PM, Alan M. Carroll wrote:
I want to have traffic_server leave behind a core file when it crashes but
can't seem to make it happen. I have
* Used ulimit -c
* Set the core limit high in /etc/security/limits.conf
* Set proxy.config.core_limit to -1
* Verified that setrlimit is
I want to have traffic_server leave behind a core file when it crashes but
can't seem to make it happen. I have
* Used ulimit -c
* Set the core limit high in /etc/security/limits.conf
* Set proxy.config.core_limit to -1
* Verified that setrlimit is being called with a very large limit.
* Set the
