Layering an IDS on Linux - prepwork

Steve G linux_4ever at yahoo.com
Sun Aug 5 18:52:48 UTC 2007 

>I don't know about the specific case of dhcdbd - maybe it uses abort()
>when it should use exit(nonzero).

So, I spent a few minutes on this...turns out that 1) selinux was preventing the
reading of a dbus file:

open("/var/lib/dbus/machine-id", O_RDONLY) = -1 EACCES (Permission denied)
getpid()                                = 3118
write(2, "process 3118: ", 14)          = 14
write(2, "D-Bus library appears to be inco"..., 198) = 198
write(2, "  D-Bus not built with -rdynamic"..., 64) = 64
tgkill(3118, 3118, SIGABRT)             = 0
--- SIGABRT (Terminated) @ 0 (0) ---
+++ killed by SIGABRT +++


2) dbus-libs call abort for _dbus_warn(). Looking at the case of not being able
to read a file resulting in a core dump...I think dbus needs to add a new
function, _dbus_terminate and call that for fatal warnings. Fixing dbus-libs will
fix several other apps linked to it.

-Steve


--- dbus-1.0.2.orig/dbus/dbus-internals.c       2006-12-11 14:21:06.000000000
-0500
+++ dbus-1.0.2/dbus/dbus-internals.c    2007-08-05 14:29:42.000000000 -0400
@@ -280,7 +280,7 @@ _dbus_warn_check_failed(const char *form
   if (fatal_warnings_on_check_failed)
     {
       fflush (stderr);
-      _dbus_abort ();
+      _dbus_terminate ();
     }
 }

diff -urp dbus-1.0.2.orig/dbus/dbus-sysdeps.c dbus-1.0.2/dbus/dbus-sysdeps.c
--- dbus-1.0.2.orig/dbus/dbus-sysdeps.c 2006-12-11 14:21:06.000000000 -0500
+++ dbus-1.0.2/dbus/dbus-sysdeps.c      2007-08-05 14:30:38.000000000 -0400
@@ -45,6 +45,7 @@
 #ifdef HAVE_ERRNO_H
 #include <errno.h>
 #endif
+#include <signal.h>

 _DBUS_DEFINE_GLOBAL_LOCK (win_fds);
 _DBUS_DEFINE_GLOBAL_LOCK (sid_atom_cache);
@@ -64,6 +65,20 @@ _DBUS_DEFINE_GLOBAL_LOCK (sid_atom_cache
  */

 /**
+ * Terminates the program with SIGTERM.
+ */
+void
+_dbus_terminate (void)
+{
+  
+  _dbus_print_backtrace ();
+  
+  raise (SIGTERM);
+  _dbus_sleep_milliseconds (1000);
+  _dbus_exit (1); /* in case someone ignores SIGTERM ? */
+}
+
+/**
  * Aborts the program with SIGABRT (dumping core).
  */
 void
diff -urp dbus-1.0.2.orig/dbus/dbus-sysdeps.h dbus-1.0.2/dbus/dbus-sysdeps.h
--- dbus-1.0.2.orig/dbus/dbus-sysdeps.h 2006-12-11 14:21:16.000000000 -0500
+++ dbus-1.0.2/dbus/dbus-sysdeps.h      2007-08-05 14:29:42.000000000 -0400
@@ -81,6 +81,7 @@ typedef struct DBusList DBusList;
  * used to tell gcc about functions that never return, such as _dbus_abort()
  */

+void _dbus_terminate (void) _DBUS_GNUC_NORETURN;
 void _dbus_abort (void) _DBUS_GNUC_NORETURN;

 const char* _dbus_getenv (const char *varname);



       
____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's 
Comedy with an Edge to see what's on, when. 
http://tv.yahoo.com/collections/222

More information about the fedora-devel-list mailing list