diff --git a/src/suricata.c b/src/suricata.c index cf17420988..5a21e6c29d 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -3014,6 +3014,10 @@ int main(int argc, char **argv) } SCDropMainThreadCaps(suricata.userid, suricata.groupid); + + /* Re-enable coredumps after privileges are dropped. */ + CoredumpEnable(); + PreRunPostPrivsDropInit(suricata.run_mode); PostConfLoadedDetectSetup(&suricata); diff --git a/src/util-coredump-config.c b/src/util-coredump-config.c index 3f1da66aaf..e5b14a7568 100644 --- a/src/util-coredump-config.c +++ b/src/util-coredump-config.c @@ -30,6 +30,52 @@ #include #endif +#ifdef OS_WIN32 + +void CoredumpEnable(void) { +} + +int32_t CoredumpLoadConfig(void) { + /* todo: use the registry to get/set dump configuration */ + SCLogInfo("Configuring core dump is not yet supported on Windows."); + return 0; +} + +#else + +static bool unlimited = false; +static rlim_t max_dump = 0; + +/** + * \brief Enable coredumps on systems where coredumps can and need to + * be enabled. + */ +void CoredumpEnable(void) +{ + if (!unlimited && !max_dump) { + return; + } +#if HAVE_SYS_PRCTL_H + /* Linux specific core dump configuration; set dumpable flag if needed */ + int dumpable = 0; + dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); + if (dumpable == -1) { + SCLogNotice("Failed to get dumpable state of process, " + "core dumps may not be abled: %s", strerror(errno)); + } + else if (unlimited || max_dump > 0) { + /* try to enable core dump for this process */ + if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) { + SCLogInfo("Unable to make this process dumpable."); + } else { + SCLogDebug("Process is dumpable."); + } + } + /* don't clear dumpable flag since this will have other effects; + * just set dump size to 0 below */ +#endif /* HAVE_SYS_PRCTL_H */ +} + /** * \brief Configures the core dump size. * @@ -41,8 +87,6 @@ int32_t CoredumpLoadConfig (void) #ifdef HAVE_SYS_RESOURCE_H /* get core dump configuration settings for suricata */ const char *dump_size_config = NULL; - rlim_t max_dump = 0; - uint32_t unlimited = 0; size_t rlim_size = sizeof(rlim_t); if (ConfGet ("coredump.max-dump", &dump_size_config) == 0) { @@ -54,7 +98,7 @@ int32_t CoredumpLoadConfig (void) return 0; } if (strcasecmp (dump_size_config, "unlimited") == 0) { - unlimited = 1; + unlimited = true; } else { /* disallow negative values */ @@ -81,31 +125,7 @@ int32_t CoredumpLoadConfig (void) SCLogInfo ("Max dump is %"PRIu64, (uint64_t) max_dump); } -#if defined OS_WIN32 - /* todo: use the registry to get/set dump configuration */ - SCLogInfo("Configuring core dump is not yet supported on Windows."); - return 0; -#endif - -#ifdef HAVE_SYS_PRCTL_H - /* Linux specific core dump configuration; set dumpable flag if needed */ - int dumpable = 0; - dumpable = prctl (PR_GET_DUMPABLE, 0, 0, 0, 0); - if (dumpable == -1) { - SCLogInfo ("Can't get core dump configuration of process."); - } - else if (unlimited == 1 || max_dump > 0) { - /* try to enable core dump for this process */ - if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) { - SCLogInfo ("Unable to make this process dumpable."); - return 0; - } else { - SCLogDebug ("Process is dumpable."); - } - } - /* don't clear dumpable flag since this will have other effects; - * just set dump size to 0 below */ -#endif /* Linux specific */ + CoredumpEnable(); struct rlimit lim; /*existing limit*/ struct rlimit new_lim; /*desired limit*/ @@ -212,3 +232,5 @@ int32_t CoredumpLoadConfig (void) #endif /* HAVE_SYS_RESOURCE_H */ return 0; } + +#endif /* OS_WIN32 */ diff --git a/src/util-coredump-config.h b/src/util-coredump-config.h index 7994421bce..168ffc9b04 100644 --- a/src/util-coredump-config.h +++ b/src/util-coredump-config.h @@ -26,6 +26,7 @@ #include "suricata-common.h" -int32_t CoredumpLoadConfig (void); +int32_t CoredumpLoadConfig(void); +void CoredumpEnable(void); #endif /* __COREDUMP_CONFIG_H__ */