public inbox for elfutils@sourceware.org
* Re: Trying not call elfutils functions in ABRT under root
@ 2016-12-01 20:44 Adam Sulc
  0 siblings, 0 replies; 4+ messages in thread
From: Adam Sulc @ 2016-12-01 20:44 UTC (permalink / raw)
  To: elfutils-devel

Thanks for the reply.

Ptracing the process before dropping privileges does not allow me to traverse the mem files. The problem still persists:

https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L430

How can I pass the "/proc/[tid]/mem" file opened under root to dwfl_linux_proc_find_elf in order to traverse this file after dropping the privileges?

* Re: Trying not call elfutils functions in ABRT under root
@ 2016-12-01 23:20 Mark Wielaard
  0 siblings, 0 replies; 4+ messages in thread
From: Mark Wielaard @ 2016-12-01 23:20 UTC (permalink / raw)
  To: elfutils-devel

On Thu, 2016-12-01 at 20:44 +0000, Adam Sulc wrote:
> Ptracing the process before dropping privileges does not allow me to traverse the mem files. The problem still persists:

OK. Do you have a code example, and what errors do you get?

> https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L430

That is an asprintf call. If that fails that indicates some memory
allocation issue, not an error accessing files.

BTW. Is that a fork of elfutils?
What kind of changes did you make to it?

> How can I pass the "/proc/[tid]/mem" file opened under root to
> dwfl_linux_proc_find_elf in order to traverse this file after dropping
> the privileges?

You cannot easily unless you write your own Dwfl_Callbacks.find_elf
handler. I assumed that if you were ptrace attached already you would be
able to access that file. Apparently not. Do you get the same issue if
you drop privileges to the uid of the process you are inspecting?

Note that this code path should only be called if the ELF module
couldn't be found on the file system. In that case it will try to slurp
it from the process memory. If you could provide an example of what kind
of setup you have, what callbacks you installed and the proc files in
question that would be helpful to see what is going on.

Cheers,

Mark

* Re: Trying not call elfutils functions in ABRT under root
@ 2016-11-30 11:08 Mark Wielaard
  0 siblings, 0 replies; 4+ messages in thread
From: Mark Wielaard @ 2016-11-30 11:08 UTC (permalink / raw)
  To: elfutils-devel

Hi Adam,

On Wed, 2016-11-30 at 08:00 +0000, Adam Sulc wrote:
> I'm using elfutils in ABRT program specifically when generating
> core_backtrace. According to this
> https://github.com/abrt/abrt/issues/890 post, it is not a good idea
> using elfutils under root. So I have tried moving as much elfutils
> function calls to non-root process as possible. That means the parent
> process is forked and in child process there are opened necessary
> files:
> [...]
> Is there any way how I can pass the opened files to elfutils
> functions? Especially for "/etc/[tid]/mem" which is needed in
> dwfl_linux_proc_find_elf that is part of Dwfl_Callbacks proc_cb ?

You wrote /etc, but I assume you meant /proc files.
Instead of using dwfl_linux_proc_report you can use
dwfl_linux_proc_maps_report which you can pass a file. But some of the
other proc files might be opened by the library itself if necessary when
working on a running process. If you change the UID to the user running
that process you should still be able to open those files.

Alternatively if you ptrace attach to that process before dropping
privileges the library should be able to access those (in theory, I
didn't actually try that myself - you might be able to just run
dwfl_linux_proc_attach as root, or maybe do the ptrace attach by hand
and stop the thread under inspection before dropping privileges and call
dwfl_linux_proc_attach with assume_ptrace_stopped = true).

Cheers,

Mark

* Trying not call elfutils functions in ABRT under root
@ 2016-11-30  8:00 Adam Sulc
  0 siblings, 0 replies; 4+ messages in thread
From: Adam Sulc @ 2016-11-30  8:00 UTC (permalink / raw)
  To: elfutils-devel

Hello,

I'm using elfutils in ABRT program specifically when generating core_backtrace. According to this https://github.com/abrt/abrt/issues/890 post, it is not a good idea using elfutils under root. So I have tried moving as much elfutils function calls to non-root process as possible. That means the parent process is forked and in child process there are opened necessary files:

https://github.com/xsulca00/abrt/blob/iss%23890/src/hooks/abrt-hook-ccpp.c#L1321
https://github.com/xsulca00/satyr/blob/iss%23890/lib/core_unwind_elfutils.c#L242

and then UID and GID of child is changed and then I can call elfutils in this function:

https://github.com/xsulca00/abrt/blob/iss%23890/src/hooks/abrt-hook-ccpp.c#L1361
https://github.com/xsulca00/satyr/blob/iss%23890/lib/core_unwind_elfutils.c#L392

Is there any way how I can pass the opened files to elfutils functions? Especially for "/etc/[tid]/mem" which is needed in dwfl_linux_proc_find_elf that is part of Dwfl_Callbacks proc_cb ?

The current problem I'm solving is in the dwfl_linux_proc_find_elf function:
https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L372

where:
https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L429#L439

is hard-coded opening of the "/proc/%d/mem" file. Is there any way to open this "/proc/%d/mem" file under root and then pass the opened file to this function in order to avoid running the "dwfl_linux_proc_find_elf" function under root?

Thank you
