[jira] [Commented] (DISPATCH-130) qdrouterd with --daemon and --user options does not dump core.

Wed, 01 Apr 2015 10:10:07 -0700 

    [ 
https://issues.apache.org/jira/browse/DISPATCH-130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14390994#comment-14390994
 ] 

Alan Conway commented on DISPATCH-130:
--------------------------------------

Good to know but unfriendly.

I think the problem is that qdrouter is started as root and then changes
its own uid. Since it _started_ as root it _could_ have sensitive info
in it's core dump so it gets the top-secret treatment from the kernel.

On the other hand qpidd (for example) is started *as a non-root user* by
the runuser function in the init script. So it doesn't have this
problem. I think that's what we should do with qdrouterd. (In fact we
might just want to strip out all the daemonizing code and let the init
script do it with the daemon() function, since all that stuff becomes
irrelevant under systemd anyway. I'm less sure about that though...)


> qdrouterd with --daemon and --user options does not dump core.
> --------------------------------------------------------------
>
>                 Key: DISPATCH-130
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-130
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.3
>            Reporter: Alan Conway
>            Assignee: Alan Conway
>             Fix For: 0.4
>
>
> If qdroutered is started with --daemon and --user options, and then is killed 
> with SIGABRT or crashes, it does not produce a core file. Note both --daemon 
> and --user are reqiured to produce the problem, either alone does not. Tested 
> on RHEL6 and Fedora 21 as follows:
> Send core files in /tmp, since --daemon will set current directory to /
> {noformat}
> # echo /tmp/core.%e.%p > /proc/sys/kernel/core_pattern
> {noformat}
> Verify we do get a core file with just --daemon
> {noformat}
> # qdrouterd --daemon
> # pkill -e -6 qdrouterd
> qdrouterd killed (pid 11482)
> # ls /tmp/core*
> /tmp/core.qdrouterd.11482
> {noformat}
> Now add --user 
> {noformat}
> # rm /tmp/core*
> # qdrouterd --daemon --user aconway
> # pkill -e -6 qdrouterd
> qdrouterd killed (pid 11432)
> # ls /tmp/core*
> ls: cannot access /tmp/core*: No such file or directory
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to