From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9228 invoked by alias); 18 Oct 2017 15:56:09 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Received: (qmail 9216 invoked by uid 89); 18 Oct 2017 15:56:09 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=laptop, polished, passwords, depressing X-HELO: mx0a-001b2d01.pphosted.com Received: from mx0a-001b2d01.pphosted.com (HELO mx0a-001b2d01.pphosted.com) (148.163.156.1) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 18 Oct 2017 15:56:07 +0000 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v9IFttXw052742 for ; Wed, 18 Oct 2017 11:56:06 -0400 Received: from e06smtp11.uk.ibm.com (e06smtp11.uk.ibm.com [195.75.94.107]) by mx0a-001b2d01.pphosted.com with ESMTP id 2dp61myj87-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 18 Oct 2017 11:56:06 -0400 Received: from localhost by e06smtp11.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 18 Oct 2017 16:56:03 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp11.uk.ibm.com (192.168.101.141) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 18 Oct 2017 16:56:01 +0100 Received: from d06av24.portsmouth.uk.ibm.com (d06av24.portsmouth.uk.ibm.com [9.149.105.60]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v9IFu1Iv25166004; Wed, 18 Oct 2017 15:56:01 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AFDA042041; Wed, 18 Oct 2017 16:51:33 +0100 (BST) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 894244203F; Wed, 18 Oct 2017 16:51:33 +0100 (BST) Received: from oc1027705133.ibm.com (unknown [9.152.212.164]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTPS; Wed, 18 Oct 2017 16:51:33 +0100 (BST) From: Andreas Arnez To: Pedro Alves Cc: gdb-patches@sourceware.org Subject: Re: [PATCH 2/2] GDB test suite: Get core files on targets with systemd-coredump References: <1505760152-28775-1-git-send-email-arnez@linux.vnet.ibm.com> <1505760152-28775-3-git-send-email-arnez@linux.vnet.ibm.com> <38b0202f-5c78-a8bb-7bc8-e86f3a02ca33@redhat.com> Date: Wed, 18 Oct 2017 15:56:00 -0000 In-Reply-To: (Pedro Alves's message of "Tue, 17 Oct 2017 19:08:58 +0100") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-TM-AS-GCONF: 00 x-cbid: 17101815-0040-0000-0000-00000404140A X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17101815-0041-0000-0000-000020A66508 Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-10-18_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1710180221 X-IsSubscribed: yes X-SW-Source: 2017-10/txt/msg00570.txt.bz2 On Tue, Oct 17 2017, Pedro Alves wrote: > On 10/17/2017 06:36 PM, Andreas Arnez wrote: [...] >> This might be the right trade-off if we expect test cases to be executed >> only on systems that the user has full control over. But I consider >> this restriction too tight and would prefer a "best effort" approach >> instead. Maybe we should emit a warning *and* try our best to execute >> the test? > > Not sure, really. It seems like the "best effort" results in > racy tests, e.g., if "coredumpctl" returns an old dump, or > if coredumpctl decides to rate-limit core dump generation (which > according to the docs, it does). It very much sounds like that > can lead to hard to diagnose problems and send GDB hackers tilting > at windmills. That might be. However, the same problems may affect *any* coredumpctl user, not just the GDB test suite. And coredumpctl users are *our* users, after all. Maybe we should postpone GDB test suite support for systemd-coredump until these problems are fixed. But if all "informed developers" just give up and disable systemd-coredump, I fear that they will never be addressed. > >> >>> I mean, you already have to tweak other things in the system in >>> order to be able to run the testsuite correctly. For example, >>> you have to tweak /proc/sys/kernel/yama/ptrace_scope to make >>> attach tests work at all, for example. systemd-coredump kind of >>> seems like more of the same. >> >> So should we document a sequence of admin commands that makes a system >> debug-ready, or in particular ready for the GDB test suite? > > IMO, yes. We already have something like that, but it's mixed with > the instructions for setting up builders: > > https://sourceware.org/gdb/wiki/BuildBot#Fedora-specific_instructions > > (Note we already suggest disabling ABRT and tweaking > kernel.core_pattern.) > > It'd be great to move that info to some specific page about setting > up an environment for developing and testing GDB. Also, some of > the command sequences there could move to scripts under gdb/contrib/, > IMHO. Yeah, that would be good. > >> >> But I'm not so sure about this. IMHO a default mainstream Linux >> installation should be suited for development- and debugging purposes >> *without* any tweaking. Also, if there are good reasons for a security >> measure, we shouldn't rely on disabling it globally. > > I think that battle is lost. That surely sounds depressing... I guess I'm late to the battlefield then ;-) > Mainstream Linux installations are already very much not suited for > development OOTB. You have to install a bunch of development packages > that are not installed by default, before you can build anything, > including compiler, etc. If you can install packages, then you can > also disable a few features that really are not meant for development > environments. What we're missing is a simple "one-click button" way > to adapt an installation / user environment for development. Let me just point out that I see a difference between installing additional packages and disabling security measures. Admins might be easily convinced to do the former, but there will probably be more push back on the latter. A "one-click button" would not really help with that. And all this sounds as if developers were no longer seen as a target group of a Fedora distribution, say. On the other hand -- quote --: "Fedora Workstation is a polished, easy to use operating system for laptop and desktop computers, with a complete set of tools for developers and makers of all kinds." > >> >> With respect to Yama's ptrace scope, the distributions seem to differ. >> For instance, Fedora does not activate it by default >> (https://fedoraproject.org/wiki/Security_Features_Matrix), while Ubuntu >> does (https://wiki.ubuntu.com/Security/Features). And I wonder whether >> this feature couldn't be adjusted to be more debug-friendly either. > > The whole point of the feature is to prevent debugging, so I don't > see how, off hand. Well, I think the goal is to prevent visibility of sensitive data like passwords and keys through ptrace -- which is a fair point. But does this really require disabling ptrace from "non-ancestor" processes completely? It just seems to me that the collateral damage to debug capabilities was accepted too easily in this design. [...] Anyway, regarding GDB test suite support for systemd-coredump, I won't push too hard. While I have a slight preference towards "best effort", I understand your concern with possible surprises. So I'm fine with dropping this patch. Patch #1 in this series might still be useful, so I'll send an updated version of it. -- Andreas