commit e967988e419121cad1d7f40013a316059b1173f0 Author: Frank Ch. Eigler <f...@redhat.com> Date: Tue Oct 10 16:21:00 2023 -0400
PR30962: debuginfod: full paths for X-DEBUGINFOD-FILE/ARCHIVE response headers Previous code was inconsistent in offering basename versus full pathname for these headers. The documentation was not explicit on this issue. We now simplify by always passing full names back, and document this in the debuginfod.8 man page, along with pointers to how to use proxy front-end servers to strip them if needed. Signed-Off-By: Frank Ch. Eigler <f...@redhat.com> diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx index e53228803bb0..c11aeda1a3af 100644 --- a/debuginfod/debuginfod.cxx +++ b/debuginfod/debuginfod.cxx @@ -1876,11 +1876,10 @@ handle_buildid_f_match (bool internal_req_t, } else { - std::string file = b_source0.substr(b_source0.find_last_of("/")+1, b_source0.length()); add_mhd_response_header (r, "Content-Type", "application/octet-stream"); add_mhd_response_header (r, "X-DEBUGINFOD-SIZE", to_string(s.st_size).c_str()); - add_mhd_response_header (r, "X-DEBUGINFOD-FILE", file.c_str()); + add_mhd_response_header (r, "X-DEBUGINFOD-FILE", b_source0.c_str()); add_mhd_last_modified (r, s.st_mtime); if (verbose > 1) obatched(clog) << "serving file " << b_source0 << " section=" << section << endl; @@ -2164,14 +2163,12 @@ handle_buildid_r_match (bool internal_req_p, } else { - std::string file = b_source1.substr(b_source1.find_last_of("/")+1, b_source1.length()); add_mhd_response_header (r, "Content-Type", "application/octet-stream"); add_mhd_response_header (r, "X-DEBUGINFOD-SIZE", to_string(archive_entry_size(e)).c_str()); - add_mhd_response_header (r, "X-DEBUGINFOD-ARCHIVE", - b_source0.c_str()); - add_mhd_response_header (r, "X-DEBUGINFOD-FILE", file.c_str()); + add_mhd_response_header (r, "X-DEBUGINFOD-ARCHIVE", b_source0.c_str()); + add_mhd_response_header (r, "X-DEBUGINFOD-FILE", b_source1.c_str()); add_mhd_last_modified (r, archive_entry_mtime(e)); if (verbose > 1) obatched(clog) << "serving archive " << b_source0 diff --git a/doc/debuginfod.8 b/doc/debuginfod.8 index d4316bec8175..7003a5823d34 100644 --- a/doc/debuginfod.8 +++ b/doc/debuginfod.8 @@ -307,11 +307,11 @@ can take advantage of standard HTTP management infrastructure. Upon finding a file in an archive or simply in the database, some custom http headers are added to the response. For files in the database X-DEBUGINFOD-FILE and X-DEBUGINFOD-SIZE are added. -X-DEBUGINFOD-FILE is simply the unescaped filename and +X-DEBUGINFOD-FILE is simply the full path name and X-DEBUGINFOD-SIZE is the size of the file. For files found in archives, in addition to X-DEBUGINFOD-FILE and X-DEBUGINFOD-SIZE, -X-DEBUGINFOD-ARCHIVE is added. X-DEBUGINFOD-ARCHIVE is the name of the -archive the file was found in. +X-DEBUGINFOD-ARCHIVE is added. X-DEBUGINFOD-ARCHIVE is the full path +name of the archive the file was found in. There are three requests. In each case, the buildid is encoded as a lowercase hexadecimal string. For example, for a program \fI/bin/ls\fP, @@ -485,8 +485,9 @@ a denial-of-service in terms of RAM, CPU, disk I/O, or network I/O. If this is a problem, users are advised to install debuginfod with a HTTPS reverse-proxy front-end that enforces site policies for firewalling, authentication, integrity, authorization, and load -control. The \fI/metrics\fP webapi endpoint is probably not -appropriate for disclosure to the public. +control. Front-end proxies can also elide sensitive path name +components in X-DEBUGINFOD-FILE/ARCHIVE response headers, +for example using Apache httpd's \fBmod_header\fP "Header edit". When relaying queries to upstream debuginfods, debuginfod \fBdoes not\fP include any particular security features. It trusts that the binaries diff --git a/tests/run-debuginfod-response-headers.sh b/tests/run-debuginfod-response-headers.sh index 8cb7b843d19d..fbb6a4842fa4 100755 --- a/tests/run-debuginfod-response-headers.sh +++ b/tests/run-debuginfod-response-headers.sh @@ -78,8 +78,8 @@ tempfiles vlog-find$PORT1.1 errfiles vlog-find$PORT1.1 cat vlog-find$PORT1.1 grep 'Headers:' vlog-find$PORT1.1 -grep -i 'X-DEBUGINFOD-FILE: prog' vlog-find$PORT1.1 -grep -i 'X-DEBUGINFOD-SIZE: ' vlog-find$PORT1.1 +grep -i 'X-DEBUGINFOD-FILE: .*/prog' vlog-find$PORT1.1 +grep -i 'X-DEBUGINFOD-SIZE: ' vlog-find$PORT1.1 # Check to see if an executable file located in an archive prints the file's description and archive env DEBUGINFOD_URLS="http://127.0.0.1:"$PORT1 LD_LIBRARY_PATH=$ldpath ${abs_top_builddir}/debuginfod/debuginfod-find\ @@ -88,9 +88,9 @@ tempfiles vlog-find$PORT1.2 errfiles vlog-find$PORT1.2 cat vlog-find$PORT1.2 grep 'Headers:' vlog-find$PORT1.2 -grep -i 'X-DEBUGINFOD-FILE: ' vlog-find$PORT1.2 +grep -i 'X-DEBUGINFOD-FILE: .*/.*' vlog-find$PORT1.2 grep -i 'X-DEBUGINFOD-SIZE: ' vlog-find$PORT1.2 -grep -i 'X-DEBUGINFOD-ARCHIVE: ' vlog-find$PORT1.2 +grep -i 'X-DEBUGINFOD-ARCHIVE: .*/.*' vlog-find$PORT1.2 # Check that X-DEBUGINFOD-SIZE matches the size of each file for file in vlog-find$PORT1.1 vlog-find$PORT1.2