ERROR: The effective user ID of staprun must be set to the root user.

ERROR: The effective user ID of staprun must be set to the root user.

[Jim Keniston]

I'm running 2.6.28 with yesterday's utrace bits, today's stap bits, and
elfutils 0.138.  When I run a stap script as a non-root member of group
stapdev (e.g., the "Hello, world" script shown here), upon completion of
the run, staprun reports:
ERROR: The effective user ID of staprun must be set to the root user.
  Check permissions on staprun and ensure it is a setuid root program.
and apparently fails to unload the stap-generated module.

I get no such message if I run stap as root.

stap -vvv reveals that staprun is /usr/local/bin/staprun, which is
indeed a setuid root program.

I built and installed stap as I always have:
./configure --with-elfutils=/.../elfutils-0.138
make
su -
make install

Note that the script runs to completion before I get the error message.

Any suggestions?

Thanks.
Jim
-----
[jimk@xxx stap]$ stap -v hi.stp
Pass 1: parsed user script and 48 library script(s) in
460usr/20sys/798real ms.
Pass 2: analyzed script: 1 probe(s), 2 function(s), 0 embed(s), 0
global(s) in 0usr/0sys/74real ms.
Pass 3: using
cached /home/jimk/.systemtap/cache/3e/stap_3ef244575eb0700481e9d673c7d9d914_354.c
Pass 4: using
cached /home/jimk/.systemtap/cache/3e/stap_3ef244575eb0700481e9d673c7d9d914_354.ko
Pass 5: starting run.
Error inserting module
'/tmp/stapiMOfTu/stap_3ef244575eb0700481e9d673c7d9d914_354.ko': File
exists
Retrying, after attempted removal of module
stap_3ef244575eb0700481e9d673c7d9d914_354 (rc 0)
Hi.
ERROR: The effective user ID of staprun must be set to the root user.
  Check permissions on staprun and ensure it is a setuid root program.
Pass 5: run completed in 10usr/0sys/162real ms.
Pass 5: run failed.  Try again with another '--vp 00001' option.
[jimk@xxx stap]$ which stap
/usr/local/bin/stap
[jimk@xxx stap]$ which staprun
/usr/local/bin/staprun
[jimk@xxx stap]$ ls -l /usr/local/bin/staprun
---s--x--x 1 root root 76026 2009-01-08 10:39 /usr/local/bin/staprun
[jimk@xxx stap]$ lsmod | grep stap
stap_3ef244575eb0700481e9d673c7d9d914_354    27240  0 
stap_7f0af3bd64bc4349367c78489e1f6351_98711   164088  0 
[jimk@xxx stap]$ cat hi.stp
probe begin {
	log("Hi.")
	exit()
}
[jimk@xxx stap]$

Re: ERROR: The effective user ID of staprun must be set to the root user.

[David Smith]

Jim Keniston wrote:
> I'm running 2.6.28 with yesterday's utrace bits, today's stap bits, and
> elfutils 0.138.  When I run a stap script as a non-root member of group
> stapdev (e.g., the "Hello, world" script shown here), upon completion of
> the run, staprun reports:
> ERROR: The effective user ID of staprun must be set to the root user.
>   Check permissions on staprun and ensure it is a setuid root program.
> and apparently fails to unload the stap-generated module.
> 
> I get no such message if I run stap as root.

I'm seeing the same thing on a rawhide system running
2.6.29-0.18.rc0.git9.fc11.x86_64.  At least for me, when I get that
error that means that the module didn't get removed correctly.

I'm unsure why this is happening.  I don't appear to be getting selinux
messages.

I was looking into this yesterday, but got sidetracked.  I'll try to
poke around more, but feel free to join me.

-- 
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Re: ERROR: The effective user ID of staprun must be set to the root user.

[David Smith]

David Smith wrote:
> I was looking into this yesterday, but got sidetracked.  I'll try to
> poke around more, but feel free to join me.

FYI, I just disabled selinux and I see the same problem.

-- 
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Re: ERROR: The effective user ID of staprun must be set to the root user.

[Frank Ch. Eigler]

Jim Keniston <jkenisto@us.ibm.com> writes:

> [...]
> Pass 5: starting run.
> Error inserting module
> '/tmp/stapiMOfTu/stap_3ef244575eb0700481e9d673c7d9d914_354.ko': File
> exists
> Retrying, after attempted removal of module
> stap_3ef244575eb0700481e9d673c7d9d914_354 (rc 0)

This suggests that the module was left in memory after a previous run,
as if "staprun -d" failed.

> ERROR: The effective user ID of staprun must be set to the root user.
>   Check permissions on staprun and ensure it is a setuid root program.

According to the source code, this comes from a specific check
upon geteuid() != 0.  So the setuid mechanism may be defeated
somehow - perhaps /usr/local is mounted nosuid?

> Pass 5: run completed in 10usr/0sys/162real ms.
> Pass 5: run failed.  Try again with another '--vp 00001' option.
> [...]
> [jimk@xxx stap]$ lsmod | grep stap
> stap_3ef244575eb0700481e9d673c7d9d914_354    27240  0 
> stap_7f0af3bd64bc4349367c78489e1f6351_98711   164088  0 

This suggests that the same condition.


- FChE

Re: ERROR: The effective user ID of staprun must be set to the root user.

[David Smith]

Frank Ch. Eigler wrote:
> Jim Keniston <jkenisto@us.ibm.com> writes:
> 
>> [...]
>> Pass 5: starting run.
>> Error inserting module
>> '/tmp/stapiMOfTu/stap_3ef244575eb0700481e9d673c7d9d914_354.ko': File
>> exists
>> Retrying, after attempted removal of module
>> stap_3ef244575eb0700481e9d673c7d9d914_354 (rc 0)
> 
> This suggests that the module was left in memory after a previous run,
> as if "staprun -d" failed.

That is what is failing for me.  Here's what I'm seeing.

1) stap exec's staprun, which is a setuid root program
2) staprun (as root), inserts the module
3) staprun prepares to run stapio by calling 'setresuid()' to drop root
permissions
4) staprun execs stapio
5) stapio when finished, exec's "staprun -d" to remove the module
6) staprun, even though setuid root, still has the effective uid of the
user, not root.  So, it exits early without removing the module.  If I
remove the check for effective uid of root, removing the module fails.

I'm unsure as to what is going on here.  If I ifdef out the call to
setresuid(), it works (but of course stapio isn't designed to be run as
root).  I've written a small test program, but it works correctly.  So,
I'm unsure as to what we're doing that triggers this behavior.

-- 
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Re: ERROR: The effective user ID of staprun must be set to the root user.

[Roland McGrath]

Check the Uid: and Cap*: lines in /proc/PID/status for the process
at each step.  Compare with your small test program.

Try booting with "no_file_caps" (I really don't know the stuff
that disables, but it's something).

Re: ERROR: The effective user ID of staprun must be set to the root user.

[Jim Keniston]

On Fri, 2009-01-09 at 15:32 -0500, Frank Ch. Eigler wrote:
...
> > ERROR: The effective user ID of staprun must be set to the root user.
> >   Check permissions on staprun and ensure it is a setuid root program.
> 
> According to the source code, this comes from a specific check
> upon geteuid() != 0.  So the setuid mechanism may be defeated
> somehow - perhaps /usr/local is mounted nosuid?
...
> - FChE

Thanks, but I don't think that that's what's going on.
$ df /usr/local
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/hda1             24795964   6914364  16601696  30% /
$ mount
/dev/hda1 on / type ext3 (rw)
The options field for / in /etc/fstab is "defaults".

Jim

Re: ERROR: The effective user ID of staprun must be set to the root user.

[David Smith]

Roland McGrath wrote:
> Check the Uid: and Cap*: lines in /proc/PID/status for the process
> at each step.  Compare with your small test program.

On f9 (2.6.27.5-41.fc9.x86_64), where this works as desired, I see this:

- 1st staprun:
Uid:	5183	0	0	0
CapInh:	0000000000000000
CapPrm:	ffffffffffffffff
CapEff:	ffffffffffffffff
CapBnd:	ffffffffffffffff
- stapio:
Uid:	5183	5183	5183	5183
CapInh:	0000000000000000
CapPrm:	0000000000000000
CapEff:	0000000000000000
CapBnd:	ffffffffffffffff
- 2nd staprun:
Uid:	5183	0	0	0
CapInh:	0000000000000000
CapPrm:	ffffffffffffffff
CapEff:	ffffffffffffffff
CapBnd:	ffffffffffffffff

Note that the 1st staprun output and the 2nd staprun output are the
same, which is how it should be.

On rawhide (2.6.29-0.18.rc0.git9.fc11.x86_64), where I see the problem,
I see this:

- 1st staprun:
Uid:	5183	0	0	0
CapInh:	0000000000000000
CapPrm:	ffffffffffffffff
CapEff:	ffffffffffffffff
CapBnd:	ffffffffffffffff
- stapio:
Uid:	5183	5183	5183	5183
CapInh:	0000000000000000
CapPrm:	0000000000000000
CapEff:	0000000000000000
CapBnd:	ffffffffffffffff
- 2nd staprun:
Uid:	5183	5183	5183	5183
CapInh:	0000000000000000
CapPrm:	0000000000000000
CapEff:	0000000000000000
CapBnd:	ffffffffffffffff

As you can see, the 2nd staprun's uid/cap output looks like the setuid
permissions of staprun didn't take effect for some unknown reason.

I've done the same thing as the above with my little test program on my
rawhide system, and the output looks just like the (correct) f9 output
shown above.

> Try booting with "no_file_caps" (I really don't know the stuff
> that disables, but it's something).

I've done this, but it didn't make any noticeable difference.

-- 
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Re: ERROR: The effective user ID of staprun must be set to the root user.

[Roland McGrath]

Hmm.  No clues here, sorry.  I can think of two approaches.

One is to debug the exec path in the kernel and track down
what is or isn't happening differently.  Look at current->cred
and figure out where those values change, or where the new
struct gets installed.  (I presume you'd do this with stap.)

The other is to strip down staprun/stapio, or build up your test program,
until you hit the difference.  Clearly it's doing something other than what
your test program does, since it behaves differently.  It might be that it
has used some syscalls that set some magic bit in the kernel affecting
later setuid.  Narrow down by process of elimination.