AC_DEFINE(HAVE_RLIMIT_CORE,, Define if you have RLIMIT_CORE for getrlimit())
],[])
+AC_MSG_CHECKING([PR_SET_DUMPABLE])
+AC_TRY_LINK([
+ #include <sys/prctl.h>
+], [
+ prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+], [
+ AC_DEFINE(HAVE_PR_SET_DUMPABLE,, Define if you have prctl(PR_SET_DUMPABLE))
+ AC_MSG_RESULT(yes)
+], [
+ AC_MSG_RESULT(no)
+])
+
dnl * Linux compatible mremap()
AC_MSG_CHECKING([Linux compatible mremap()])
AC_TRY_LINK([
}
restrict_access_by_env(!IS_STANDALONE());
+ restrict_access_allow_coredumps(TRUE);
}
static void main_init(void)
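Review bot: `restrict_access_allow_coredumps(TRUE)` is called unconditionally straight after `restrict_access_by_env()`, so the dumpable flag is switched back on for every mail process with no setting to opt out. On Linux that flag controls more than core files: it also decides whether another process with the same uid may ptrace-attach, and a core file written as the mail user may contain whatever was left in memory from before privileges were dropped. I would add a comment here stating that tradeoff, e.g. `/* re-enable dumping after the uid/gid change; process memory then becomes reachable via core file or same-uid ptrace */`, and consider making the call follow a configuration option. The identical call is added in the last hunk of the diff (the one followed by `static bool main_init(void)`), and the same remark applies there. The enclosing function begins outside this hunk.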
#include <time.h>
#include <pwd.h>
#include <grp.h>
+#ifdef HAVE_PR_SET_DUMPABLE
+# include <sys/prctl.h>
+#endif
static gid_t process_primary_gid = (gid_t)-1;
static gid_t process_privileged_gid = (gid_t)-1;
env_put("RESTRICT_GID_LAST=");
}
+void restrict_access_allow_coredumps(bool allow ATTR_UNUSED)
+{
+#ifdef HAVE_PR_SET_DUMPABLE
+ (void)prctl(PR_SET_DUMPABLE, allow, 0, 0, 0);
+#endif
+}
+
int restrict_access_use_priv_gid(void)
{
i_assert(!process_using_priv_gid);
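Review bot: The result of `prctl()` in `restrict_access_allow_coredumps()` is discarded with `(void)`, so if the running kernel rejects the call the process stays non-dumpable and nothing is logged. `log_coredump()` built with `HAVE_PR_SET_DUMPABLE` then omits the `mail_drop_priv_before_exec` hint on the assumption that the call worked, which leaves the admin with a misleading message. Logging the failure keeps the diagnosis honest: `if (prctl(PR_SET_DUMPABLE, allow, 0, 0, 0) < 0) i_error("prctl(PR_SET_DUMPABLE) failed: %m");`. Since `prctl()` is variadic and the kernel reads each argument as `unsigned long`, casting `allow` and the zero literals to `(unsigned long)` would also avoid depending on how an int argument gets widened.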
environment settings and we have root uid or gid. */
void restrict_access_by_env(bool disallow_root);
+/* Try to set up the process in a way that core dumps are still allowed
+ after calling restrict_access_by_env(). */
+void restrict_access_allow_coredumps(bool allow);
+
/* If privileged_gid was set, these functions can be used to temporarily
gain access to the group. */
int restrict_access_use_priv_gid(void);
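Review bot: The comment on `restrict_access_allow_coredumps()` does not say what the `allow` parameter means or that the function does nothing on builds without `HAVE_PR_SET_DUMPABLE`, both of which are visible in the definition. I would extend it to something like `/* allow=TRUE marks the process dumpable again, FALSE marks it non-dumpable. Does nothing unless prctl(PR_SET_DUMPABLE) is available. */`. A caller reading only the header cannot otherwise tell that passing FALSE is a supported way to turn dumping off.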
return NULL;
}
+static void
+log_coredump(string_t *str, enum process_type process_type, int status)
+{
+#ifdef WCOREDUMP
+ int signum = WTERMSIG(status);
+
+ if (WCOREDUMP(status)) {
+ str_append(str, " (core dumped)");
+ return;
+ }
+
+ if (signum != SIGABRT && signum != SIGSEGV && signum != SIGBUS)
+ return;
+
+ /* let's try to figure out why we didn't get a core dump */
+ if (process_type != PROCESS_TYPE_IMAP &&
+ process_type != PROCESS_TYPE_POP3)
+ str_append(str, " (core not dumped)");
+#ifndef HAVE_PR_SET_DUMPABLE
+ else if (!settings_root->defaults->mail_drop_priv_before_exec)
+ str_append(str, " (core not dumped - set mail_drop_priv_before_exec=yes)");
+#endif
+ else if (core_dumps_disabled)
+ str_printfa(str, " (core dumps disabled)");
+ else
+ str_append(str, " (core not dumped - is home dir set?)");
+#endif
+}
+
static void sigchld_handler(int signo ATTR_UNUSED,
void *context ATTR_UNUSED)
{
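Review bot: In `log_coredump()` the `core_dumps_disabled` test sits at the end of the else-chain, so it is reached only for IMAP/POP3 children and, on builds without `HAVE_PR_SET_DUMPABLE`, only when `mail_drop_priv_before_exec` is already set. Every other process type gets the bare `(core not dumped)` even when the core limit is 0, and an admin can be told to change `mail_drop_priv_before_exec` when the limit alone would still block the dump. Testing it first reports the definitive reason in all cases: `if (core_dumps_disabled) { str_append(str, " (core dumps disabled)"); return; }` placed right after the signal filter. That also swaps the `str_printfa()` call, which has no format arguments, for `str_append()` like the other branches.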
str_printfa(str, "child %s (%s) killed with signal %d",
dec2str(pid), process_type_name,
WTERMSIG(status));
+ log_coredump(str, process_type, status);
}
if (str_len(str) > 0) {
extern char ssl_manual_key_password[];
extern const char *env_tz;
extern bool auth_success_written;
+extern bool core_dumps_disabled;
#ifdef DEBUG
extern bool gdb;
#endif
char ssl_manual_key_password[100];
const char *env_tz;
bool auth_success_written;
+bool core_dumps_disabled;
#ifdef DEBUG
bool gdb;
#endif
#define STARTUP_STRING PACKAGE_NAME" v"VERSION" starting up"
rlim_t core_limit;
- if (restrict_get_core_limit(&core_limit) == 0 && core_limit == 0)
+ core_dumps_disabled = restrict_get_core_limit(&core_limit) == 0 &&
+ core_limit == 0;
+ if (core_dumps_disabled)
i_info(STARTUP_STRING" (core dumps disabled)");
else
i_info(STARTUP_STRING);
}
restrict_access_by_env(!IS_STANDALONE());
+ restrict_access_allow_coredumps(TRUE);
}
static bool main_init(void)