Disable core dumps and tracing on *nix.

But only when built in release mode. Closes #4
2024-10-01 01:26:01 -04:00 · 2012-10-13 11:05:50 +02:00 · 2012-10-13 11:05:50 +02:00 · 169e6327ea
commit 169e6327ea
parent 807924c0bc
5 changed files with 66 additions and 0 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -183,6 +183,27 @@ if(NOT ZLIB_SUPPORTS_GZIP)
  message(FATAL_ERROR "zlib 1.2.x or higher is required to use the gzip format")
 endif()

+if(UNIX)
+  check_cxx_source_compiles("#include <sys/prctl.h>
+    int main() { prctl(PR_SET_DUMPABLE, 0); return 0; }"
+    HAVE_PR_SET_DUMPABLE)
+
+  check_cxx_source_compiles("#include <sys/resource.h>
+    int main() {
+      struct rlimit limit;
+      limit.rlim_cur = 0;
+      limit.rlim_max = 0;
+      setrlimit(RLIMIT_CORE, &limit);
+      return 0;
+    }" HAVE_RLIMIT_CORE)
+
+  if(APPLE)
+    check_cxx_source_compiles("#include <sys/ptrace.h>
+      int main() { ptrace(PT_DENY_ATTACH, 0, 0, 0); return 0; }"
+      HAVE_PT_DENY_ATTACH)
+  endif()
+endif()
+
 include_directories(SYSTEM ${QT_INCLUDE_DIR} ${GCRYPT_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR})

 add_subdirectory(src)
--- a/src/config-keepassx.h.cmake
+++ b/src/config-keepassx.h.cmake
@ -7,4 +7,8 @@

 #define KEEPASSX_SOURCE_DIR "${CMAKE_SOURCE_DIR}"

+#cmakedefine HAVE_PR_SET_DUMPABLE 1
+#cmakedefine HAVE_RLIMIT_CORE 1
+#cmakedefine HAVE_PT_DENY_ATTACH 1
+
 #endif // KEEPASSX_CONFIG_H
--- a/src/core/Tools.cpp
+++ b/src/core/Tools.cpp
@ -37,6 +37,16 @@
 #include <time.h> // for nanosleep()
 #endif

+#if defined(HAVE_PR_SET_DUMPABLE)
+#include <sys/prctl.h>
+#elif defined(HAVE_RLIMIT_CORE)
+#include <sys/resource.h>
+#endif
+
+#ifdef HAVE_PT_DENY_ATTACH
+#include <sys/ptrace.h>
+#endif
+
 namespace Tools {

 QString humanReadableFileSize(qint64 bytes)
@ -203,4 +213,29 @@ QString platform()
 #endif
 }

+void disableCoreDumps()
+{
+    bool success = false;
+
+    // prefer PR_SET_DUMPABLE since that also prevents ptrace
+#if defined(HAVE_PR_SET_DUMPABLE)
+    success = (prctl(PR_SET_DUMPABLE, 0) == 0);
+#elif defined(HAVE_RLIMIT_CORE)
+    struct rlimit limit;
+    limit.rlim_cur = 0;
+    limit.rlim_max = 0;
+    success = (setrlimit(RLIMIT_CORE, &limit) == 0);
+#endif
+
+    // Mac OS X
+#ifdef HAVE_PT_DENY_ATTACH
+    // make sure setrlimit() and ptrace() succeeded
+    success = success && (ptrace(PT_DENY_ATTACH, 0, 0, 0) == 0);
+#endif
+
+    if (!success) {
+        qWarning("Unable to disable core dumps.");
+    }
+}
+
 } // namespace Tools
--- a/src/core/Tools.h
+++ b/src/core/Tools.h
@ -38,6 +38,7 @@ bool isHex(const QByteArray& ba);
 void sleep(int ms);
 void wait(int ms);
 QString platform();
+void disableCoreDumps();

 } // namespace Tools

--- a/src/main.cpp
+++ b/src/main.cpp
@ -17,12 +17,17 @@

 #include <QtCore/QFile>

+#include "core/Tools.h"
 #include "crypto/Crypto.h"
 #include "gui/Application.h"
 #include "gui/MainWindow.h"

 int main(int argc, char** argv)
 {
+#ifdef QT_NO_DEBUG
+    Tools::disableCoreDumps();
+#endif
+
    Application app(argc, argv);
    // don't set applicationName or organizationName as that changes
    // QDesktopServices::storageLocation()