The dropped file

The dropped file

[Mark Wielaard]

Hi,

The relay_v2 transport creates a "dropped" file in the debugfs dir of
the module. This file is created with mode 0444 and so is readable for
everybody. That can at times lead to weird behavior since if somebody
has that file open the module can no longer unload, leading to a
successful script erroring out. Now this might not happen often, it was
a weird script I was running that caused it, but it seems just creating
the file with mode 0400 seems to work fine, and guards me from stupid
scripts. So I am testing that, but don't fully understand what reads the
dropped file on the other end. Anybody?

Thanks,

Mark

diff --git a/runtime/transport/relay_v2.c b/runtime/transport/relay_v2.c
index 562bcdc..ff621a4 100644
--- a/runtime/transport/relay_v2.c
+++ b/runtime/transport/relay_v2.c
@@ -287,7 +287,7 @@ static int _stp_transport_data_fs_init(void)
 
        /* Create "dropped" file. */
        _stp_relay_data.dropped_file
-               = debugfs_create_file("dropped", 0444, _stp_get_module_dir(),
+               = debugfs_create_file("dropped", 0400, _stp_get_module_dir(),
                                      NULL, &__stp_relay_dropped_fops);
        if (!_stp_relay_data.dropped_file) {
                rc = -EIO;

Re: The dropped file

[David Smith]

On 07/15/2011 06:47 AM, Mark Wielaard wrote:
> Hi,
> 
> The relay_v2 transport creates a "dropped" file in the debugfs dir of
> the module. This file is created with mode 0444 and so is readable for
> everybody. That can at times lead to weird behavior since if somebody
> has that file open the module can no longer unload, leading to a
> successful script erroring out. Now this might not happen often, it was
> a weird script I was running that caused it, but it seems just creating
> the file with mode 0400 seems to work fine, and guards me from stupid
> scripts. So I am testing that, but don't fully understand what reads the
> dropped file on the other end. Anybody?

The user reads the dropped file to know how many messages the relay
system had to drop because all the buffer were full.

Since the user owns the dropped file, I don't see how changing the mode
to 400 will help you here (now I don't believe it could hurt either).  I
guess it could keep others from keeping you from unloading your module.

-- 
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Re: The dropped file

[Mark Wielaard]

Hi David,

On Fri, 2011-07-15 at 09:50 -0500, David Smith wrote:
> On 07/15/2011 06:47 AM, Mark Wielaard wrote:
> > The relay_v2 transport creates a "dropped" file in the debugfs dir of
> > the module. This file is created with mode 0444 and so is readable for
> > everybody. That can at times lead to weird behavior since if somebody
> > has that file open the module can no longer unload, leading to a
> > successful script erroring out. Now this might not happen often, it was
> > a weird script I was running that caused it, but it seems just creating
> > the file with mode 0400 seems to work fine, and guards me from stupid
> > scripts. So I am testing that, but don't fully understand what reads the
> > dropped file on the other end. Anybody?
> 
> The user reads the dropped file to know how many messages the relay
> system had to drop because all the buffer were full.

OK, so I still haven't found where in the code that is happening, but
that means only the user himself needs read access then.

> Since the user owns the dropped file, I don't see how changing the mode
> to 400 will help you here (now I don't believe it could hurt either).  I
> guess it could keep others from keeping you from unloading your module.

Yes, that was what was happening, some cron script was scanning over the
systemtap modules dir and happened to keep the dropped file open because
it was readable (long story, don't ask, me being a little stupid), and
so all my stap scripts started failing with me having to manually unload
the modules. Even thought the cron job was not running as me.

I hadn't thought about the user herself keeping the file open. That
would still be an issue, but is less malicious/annoying. I don't think
we can prevent that.

I'll commit the change to set the mode to 0400 then to make it less
likely that some other users does it just to annoy you.

Thanks,

Mark

Re: The dropped file

[David Smith]

On 07/15/2011 10:06 AM, Mark Wielaard wrote:
> I'll commit the change to set the mode to 0400 then to make it less
> likely that some other users does it just to annoy you.

That seems reasonable to me, go right ahead.

-- 
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Re: The dropped file

[Dave Brolley]

On 07/15/2011 11:10 AM, David Smith wrote:
> On 07/15/2011 10:06 AM, Mark Wielaard wrote:
>> I'll commit the change to set the mode to 0400 then to make it less
>> likely that some other users does it just to annoy you.
Especially unprivileged users!