Layering an IDS on Linux - prepwork
Miloslav Trmac
mitr at volny.cz
Sun Aug 5 16:02:33 UTC 2007
Steve G napsal(a):
>>>> abort() is the traditional way to abort a program when an assertion
>>>> fails (developers might need the core file in that case),
>>> Which is ok in the debug case. For a production webserver its a different
>>> story.
>> Even in production code it is useful to abort() in "can't happen"
>> branches. The cost of the additional code is negligible.
> This is the issue that I'm trying to raise awareness about. Most of the time,
> programmers just want the program to end with an error code. They have no use for
> a core dump since its deployed in a million end user's machines and they will not
> be forwarding that core dump to the developer. Think of it, is there any reason
> for dhcdbd to dump core *every time* it runs? Will anyone be looking at that core
> dump?
Fedora runs (ulimit -S -c 0) in /etc/profile, so no process doesn't dump
core by default. It dumps core only on machines of developers that have
explicitly overridden the ulimit setting, or when the user was
instructed to enable core dumps during troubleshooting.
I don't know about the specific case of dhcdbd - maybe it uses abort()
when it should use exit(nonzero). But in general, abort() is useful
even on production systems.
Mirek
More information about the fedora-devel-list
mailing list