Commit 18e28bbb authored by Jérome Perrin's avatar Jérome Perrin

component/proftpd: allow dumping process

Unless compiled with --enable-devel=coredump, proftpd's mod_rlimit will
use a prctl(PR_SET_DUMPABLE, 0) syscall[1] which prevents us from
inspecting files open by this process[2]

We don't want to enable debug build and I did not find a way to disable
only this PR_SET_DUMPABLE flag setting.

[1] https://github.com/proftpd/proftpd/blob/v1.3.6/modules/mod_rlimit.c#L580-L583
[2] http://man7.org/linux/man-pages/man5/proc.5.html
parent afac6e04
From ec7c3929df82855cc708f2074eb163590ecaeeaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Wed, 23 May 2018 08:55:35 +0200
Subject: [PATCH] mod_rlimit: don't change PR_SET_DUMPABLE flag
In our case we don't really care if the process leaves a coredump and
are interested in being able to inspect running processes for tests.
---
modules/mod_rlimit.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/mod_rlimit.c b/modules/mod_rlimit.c
index 6788e4cee..2584260af 100644
--- a/modules/mod_rlimit.c
+++ b/modules/mod_rlimit.c
@@ -568,6 +568,8 @@ static int rlimit_set_core(int scope) {
#if !defined(PR_DEVEL_COREDUMP) && \
defined(HAVE_PRCTL) && \
defined(PR_SET_DUMPABLE)
+
+ #if 0 /* SlapOS patch: keep PR_SET_DUMPABLE for tests */
if (max == 0) {
/* Really, no core dumps please. On Linux, there are exceptions made
* even when setting RLIMIT_CORE = 0; see:
@@ -582,6 +584,7 @@ static int rlimit_set_core(int scope) {
strerror(errno));
}
}
+#endif /* SlapOS patch */
#endif /* no --enable-devel=coredump and HAVE_PRCTL and PR_SET_DUMPABLE */
errno = xerrno;
--
2.11.0
...@@ -11,6 +11,7 @@ extends = ...@@ -11,6 +11,7 @@ extends =
../curl/buildout.cfg ../curl/buildout.cfg
../libtool/buildout.cfg ../libtool/buildout.cfg
../git/buildout.cfg ../git/buildout.cfg
../patch/buildout.cfg
# proftpd server # proftpd server
[proftpd-environment] [proftpd-environment]
...@@ -37,7 +38,10 @@ environment = ...@@ -37,7 +38,10 @@ environment =
install_group=${proftpd-grp:GROUP} install_group=${proftpd-grp:GROUP}
cppflags=-I${zlib:location}/include -I${openssl:location}/include cppflags=-I${zlib:location}/include -I${openssl:location}/include
ldflags=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib ldflags=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
patches =
${:_profile_base_location_}/0001-mod_rlimit-don-t-change-PR_SET_DUMPABLE-flag.patch#6e58a7a429ff96a51812dc9835e4c227
# mod_auth_web: a proftpd module to authenticate users against an HTTP service # mod_auth_web: a proftpd module to authenticate users against an HTTP service
[proftpd-mod_auth_web-repository] [proftpd-mod_auth_web-repository]
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment