>> Proposed implementation:
>>
>> Provide debug info via a World-accessable character device.
>> On a per-UID basis, a crash monitor watches for trouble.
>> If something crashes:
>> 1. dying process sleeps
>> 2. message passed to crash monitor
>> 3. crash monitor can say "dump /tmp/joe-1.core" or start ddd or ...
> Making the character device world accessible might not be quite right,
> though, unless the kernel allows multiple connections, and automatically
> gives each connected daemon from the one with the most authority (root
> perms) to the least (user perms) a chance at taking the uid, in turn.
World accessible with multiple connections is totally correct.
Only an exact authority match is acceptable. If you run a setuid
app and want to catch crashes, you need a setuid daemon to do it.
Possible exception: root (well, CAP_DEBUG_ANY) could ask to accept
anything left over. Users always get first chance.
> It's probably simpler to have a root daemon that uses /etc/debugconf,
> ~user/debugconf, etc., to figure out what processes get which treatment.
Ugh. You get an authorization mess, with a user-space tool trying to
verify permission. I don't think it is good for a root daemon to mess
with user home directories. (not that it can always be avoided of course)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/