'Re: Layering an IDS on Linux - prepwork'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: Layering an IDS on Linux - prepwork
From:       Steve G <linux_4ever () yahoo ! com>
Date:       2007-08-05 18:52:48
Message-ID: 30860.44230.qm () web51512 ! mail ! re2 ! yahoo ! com
[Download RAW message or body]


>I don't know about the specific case of dhcdbd - maybe it uses abort()
>when it should use exit(nonzero).

So, I spent a few minutes on this...turns out that 1) selinux was preventing the
reading of a dbus file:

open("/var/lib/dbus/machine-id", O_RDONLY) = -1 EACCES (Permission denied)
getpid()                                = 3118
write(2, "process 3118: ", 14)          = 14
write(2, "D-Bus library appears to be inco"..., 198) = 198
write(2, "  D-Bus not built with -rdynamic"..., 64) = 64
tgkill(3118, 3118, SIGABRT)             = 0

--- SIGABRT (Terminated) @ 0 (0) ---
+++ killed by SIGABRT +++


2) dbus-libs call abort for _dbus_warn(). Looking at the case of not being able
to read a file resulting in a core dump...I think dbus needs to add a new
function, _dbus_terminate and call that for fatal warnings. Fixing dbus-libs will
fix several other apps linked to it.

-Steve


--- dbus-1.0.2.orig/dbus/dbus-internals.c       2006-12-11 14:21:06.000000000
-0500
+++ dbus-1.0.2/dbus/dbus-internals.c    2007-08-05 14:29:42.000000000 -0400
@@ -280,7 +280,7 @@ _dbus_warn_check_failed(const char *form
   if (fatal_warnings_on_check_failed)
     {
       fflush (stderr);
-      _dbus_abort ();
+      _dbus_terminate ();
     }
 }

diff -urp dbus-1.0.2.orig/dbus/dbus-sysdeps.c dbus-1.0.2/dbus/dbus-sysdeps.c
--- dbus-1.0.2.orig/dbus/dbus-sysdeps.c 2006-12-11 14:21:06.000000000 -0500
+++ dbus-1.0.2/dbus/dbus-sysdeps.c      2007-08-05 14:30:38.000000000 -0400
@@ -45,6 +45,7 @@
 #ifdef HAVE_ERRNO_H
 #include <errno.h>
 #endif
+#include <signal.h>

 _DBUS_DEFINE_GLOBAL_LOCK (win_fds);
 _DBUS_DEFINE_GLOBAL_LOCK (sid_atom_cache);
@@ -64,6 +65,20 @@ _DBUS_DEFINE_GLOBAL_LOCK (sid_atom_cache
  */

 /**
+ * Terminates the program with SIGTERM.
+ */
+void
+_dbus_terminate (void)
+{
+  
+  _dbus_print_backtrace ();
+  
+  raise (SIGTERM);
+  _dbus_sleep_milliseconds (1000);
+  _dbus_exit (1); /* in case someone ignores SIGTERM ? */
+}
+
+/**
  * Aborts the program with SIGABRT (dumping core).
  */
 void
diff -urp dbus-1.0.2.orig/dbus/dbus-sysdeps.h dbus-1.0.2/dbus/dbus-sysdeps.h
--- dbus-1.0.2.orig/dbus/dbus-sysdeps.h 2006-12-11 14:21:16.000000000 -0500
+++ dbus-1.0.2/dbus/dbus-sysdeps.h      2007-08-05 14:29:42.000000000 -0400
@@ -81,6 +81,7 @@ typedef struct DBusList DBusList;
  * used to tell gcc about functions that never return, such as _dbus_abort()
  */

+void _dbus_terminate (void) _DBUS_GNUC_NORETURN;
 void _dbus_abort (void) _DBUS_GNUC_NORETURN;

 const char* _dbus_getenv (const char *varname);



       
____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's 
Comedy with an Edge to see what's on, when. 
http://tv.yahoo.com/collections/222

-- 
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[prev in list] [next in list] [prev in thread] [next in thread] 
