* [Bug runtime/6903] New: scripts can be run by non-sudo and non-stapdev users
@ 2008-09-18 15:13 scox at redhat dot com
2008-09-18 19:34 ` [Bug runtime/6903] " dsmith at redhat dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: scox at redhat dot com @ 2008-09-18 15:13 UTC (permalink / raw)
To: systemtap
# It is expected that running a systemtap script will fail for normal users
> /usr/bin/stap -e 'probe begin { printf("hello\n"); exit() }'
Copy failed ("/tmp/stap7JpfJ9/stap_0a799d701652d96117065a219429e3fa_284.ko" to
"/home/scox/.systemtap/cache/0a/stap_0a799d701652d96117065a219429e3fa_284.ko"):
Permission denied
ERROR: You are trying to run stap as a normal user.
# However recent versions of stap incorrectly succeed for normal users
> stap -V
SystemTap translator/driver (version 0.7.1/0.135 git branch master, commit e071e49b)
> id
uid=2558(scox) gid=2563(scox) groups=2563(scox)
# stap complains about caching but otherwise the script seems to work okay
# stap -e 'probe process("/bin/ls").end {printf("in probe process")}'
Copy failed ("/tmp/stapd07mpW/stap_cdf5233cb3f66091de60800627346256_233.ko" to
"/home/scox/.systemtap/cache/cd/stap_cdf5233cb3f66091de60800627346256_233.ko"):
Permission denied
in probe processin probe process^C>
> /usr/local/bin/stap -e 'probe begin { printf("hello\n"); exit() }'
Copy failed ("/tmp/stapXuiEoI/stap_a525970ce776d4cd67c058513e04a605_303.ko" to
"/home/scox/.systemtap/cache/a5/stap_a525970ce776d4cd67c058513e04a605_303.ko"):
Permission denied
hello
--
Summary: scripts can be run by non-sudo and non-stapdev users
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: runtime
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: scox at redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=6903
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
* [Bug runtime/6903] scripts can be run by non-sudo and non-stapdev users
From: dsmith at redhat dot com @ 2008-09-18 19:34 UTC (permalink / raw)
To: systemtap
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
* [Bug runtime/6903] scripts can be run by non-sudo and non-stapdev users
From: dsmith at redhat dot com @ 2008-09-18 20:14 UTC (permalink / raw)
To: systemtap
------- Additional Comments From dsmith at redhat dot com 2008-09-18 20:13 -------
Assuming I ran "git bisect" correctly, the following commits are when this
behaviour started:
6fa7bd6e70f8f6d783395399c92a9a13d24ce997
337cd273963410c9a1fa46b10287e72c146df054
(There are 2 commits since the tree doesn't compile after the first commit.)
Here are the log entries from those commits:
Author: Frank Ch. Eigler <fche@elastic.org>
Date:   Fri Sep 5 13:02:37 2008 -0400

    remove capability logic

    It was only barely beneficial anyway, since some crucial
    capabilities were never permanently dropped.

Author: Frank Ch. Eigler <fche@elastic.org>
Date:   Fri Sep 5 13:02:56 2008 -0400

    remove capabilities logic, cont'd

Now to figure out why removing the capability logic allows anyone to run
systemtap...
* [Bug runtime/6903] scripts can be run by non-sudo and non-stapdev users
From: dsmith at redhat dot com @ 2008-09-18 21:27 UTC (permalink / raw)
To: systemtap
------- Additional Comments From dsmith at redhat dot com 2008-09-18 21:26 -------
Originally, staprun.c:main() called cap.c:init_cap(), which did the following:

    void init_cap(void)
    {
            uid_t uid = getuid();
            gid_t gid = getgid();
            ...
            if (setresuid(uid, uid, uid) < 0)
                    ferror("setresuid");
            if (setresgid(gid, gid, gid) < 0)
                    ferror("setresgid");
    }

Which basically set the effective and saved user/group ids to the real
user/group id.

Then, staprun.c:main() called staprun_funcs.c:check_permissions()

    int check_permissions(void)
    {
            /* If we're root, we can do anything. */
            if (geteuid() == 0)
                    return 1;
            ...
    }

Without the code in init_cap(), the euid of staprun is always 0, since staprun
is setuid 0. Changing that 'geteuid()' call to 'getuid()' seems to fix the problem.
Fixed in commit 0387bde.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
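
Added example (not part of the original thread, and not SystemTap's code): a small C model of the check discussed in the message above, showing why testing the effective uid in a setuid-root binary admits every caller once the privilege drop is removed. The struct, the function names and the `later_checks` parameter (a stand-in for the elided `...` checks) are hypothetical; uid 2558 is taken from the report's `id` output.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The two IDs the thread is about, as a setuid helper sees them. */
struct creds { uid_t ruid; uid_t euid; };

/* Credentials right after exec of a setuid-root binary run by `invoker`. */
static struct creds setuid_root_exec(uid_t invoker)
{
    struct creds c = { invoker, 0 };
    return c;
}

/* Effect on the euid of the removed init_cap() call, setresuid(uid, uid, uid). */
static struct creds drop_to_real(struct creds c)
{
    c.euid = c.ruid;
    return c;
}

/* Root shortcut as quoted in the thread: tests the effective uid. */
static int allow_by_euid(struct creds c, int later_checks)
{
    if (c.euid == 0)
        return 1;
    return later_checks;   /* hypothetical stand-in for the elided checks */
}

/* Root shortcut after the fix: tests the real uid, i.e. the invoking user. */
static int allow_by_ruid(struct creds c, int later_checks)
{
    if (c.ruid == 0)
        return 1;
    return later_checks;   /* hypothetical stand-in for the elided checks */
}

int main(void)
{
    struct creds user = setuid_root_exec(2558);   /* constructed scenario */
    struct creds live = { getuid(), geteuid() };  /* this process, for comparison */

    printf("init_cap + euid test: %d\n", allow_by_euid(drop_to_real(user), 0));
    printf("no drop  + euid test: %d\n", allow_by_euid(user, 0));
    printf("no drop  + ruid test: %d\n", allow_by_ruid(user, 0));
    printf("this process (ruid=%ld euid=%ld): %d\n",
           (long)live.ruid, (long)live.euid, allow_by_ruid(live, 0));
    return 0;
}
```

Only the middle case returns 1 for an unprivileged caller: the euid test was safe only while something earlier had already reset the euid to the real uid.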
* [Bug runtime/6903] scripts can be run by non-sudo and non-stapdev users
From: fche at redhat dot com @ 2008-09-19 12:44 UTC (permalink / raw)
To: systemtap
------- Additional Comments From fche at redhat dot com 2008-09-19 12:42 -------
Thanks for finding and fixing this brown-paper-bag bug of mine.