Hi Adam,

On Fri, 2017-05-05 at 18:25 +0200, Adam Šulc wrote:
> I work on ABRT improvement in order to increase security related to
> core backtrace generating using elfutils library.
> Here is a short description of my problem:
>
> Goal is to not call base code in elfutils and gdb functions under root.
> If you are more interested you can read more there:
> https://github.com/abrt/abrt/issues/890
>
> We need root for opening /proc files only.

And, depending on system settings, for ptrace attach or other
interprocess services like reading memory with process_vm_read.

> First, we open these files under root,
> then we drop capabilities & privileges and finally, we generate
> core_backtrace.

If you just drop privileges to the user owning the process you should
keep having access.

> We have one problem that still persists, we need to pass the opened
> /proc/[tid]/mem file to this function:
> dwfl_linux_proc_find_elf
> Because this function opens the /proc/[tid]/mem file itself, thus it
> is hard coded and we cannot pass our /proc/[tid]/mem file pointer:
> https://github.com/abrt/satyr/blob/master/lib/core_unwind_elfutils.c#L246
> So we don't know how to pass the opened file to this function.
>
> Do you have any idea how to pass the open file descriptor into the
> function? Or what is the best way how to achieve this?

You cannot easily unless you write your own Dwfl_Callbacks.find_elf
handler. But as long as you only drop privileges to the user owning the
process you should be able to open that file.

Note that this code path should only be called if the ELF module
couldn't be found on the file system. In that case it will try to slurp
it from the process memory. Does that fallback path not work as intended
for your setup?

Cheers,

Mark
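
The ordering discussed in this thread (open /proc/[tid]/mem while still privileged, drop to an unprivileged user, then read through the descriptor that is already open), as an added C example that is not part of the original mail and is not ABRT, satyr or elfutils code. The function names are hypothetical, the target is the calling process itself, and uid/gid 65534 in `main` is an assumed unprivileged account.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open /proc/<pid>/mem read-only, called before the drop. */
int open_proc_mem(pid_t pid) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/mem", (long)pid);
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Hypothetical helper: permanent drop. Supplementary groups, then gid, uid last. */
int drop_to_user(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    /* Fail closed if root could still be regained after the drop. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Read len bytes at address addr of the target through the open descriptor. */
ssize_t read_mem(int fd, uintptr_t addr, void *out, size_t len) {
    return pread(fd, out, len, (off_t)addr);
}

/* Constructed demo: open, optionally drop, then read a known marker back.
   Returns 0 when the bytes read through the descriptor match. */
int demo(int do_drop, uid_t uid, gid_t gid) {
    static const char marker[] = "constructed-marker";
    char buf[sizeof marker];
    int fd = open_proc_mem(getpid());
    if (fd < 0) return -1;
    if (do_drop && drop_to_user(uid, gid) != 0) { close(fd); return -1; }
    ssize_t n = read_mem(fd, (uintptr_t)marker, buf, sizeof marker);
    close(fd);
    return (n == (ssize_t)sizeof marker && memcmp(buf, marker, n) == 0) ? 0 : -1;
}

int main(void) {
    /* Drop only when started as root; 65534 is an assumed unprivileged id. */
    int rc = demo(geteuid() == 0, 65534, 65534);
    printf("read through pre-opened descriptor: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```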