Re: Trying not call elfutils functions in ABRT under root
On Thu, 2016-12-01 at 20:44 +, Adam Sulc wrote: > Ptrace process before dropping privileges does not allow me to traverse mem > files. Still problem persists> OK. Do you have a code example and what errors you get? > https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L430 That is an asprintf call. If that fails that indicates some memory allocation issue, not an error accessing files. BTW. Is that a fork of elfutils? What kind of changes did you make to it? > How to pass the "/proc/[tid]/mem" file opened under root to > dwfl_linux_proc_find_elf in order to traverse this file after dropping > the privileges. You cannot easily unless you write your own Dwfl_Callbacks.find_elf handler. I assumed that if you were ptrace attached already you would be able to access that file. Apparently not. Do you get the same issue if you drop privileges to the uid of the process you are inspecting? Note that this code path should only be called if the ELF module couldn't be found on the file system. In that case it will try to slurp it from the process memory. If you could provide an example of what kind of setup you have, what callbacks you installed and the proc files in question that would be helpful to see what is going on. Cheers, Mark ___ elfutils-devel mailing list -- elfutils-devel@lists.fedorahosted.org To unsubscribe send an email to elfutils-devel-le...@lists.fedorahosted.org
Re: Trying not call elfutils functions in ABRT under root
Thanks for reply. Ptrace process before dropping privileges does not allow me to traverse mem files. Still problem persists> https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L430 How to pass the "/proc/[tid]/mem" file opened under root to dwfl_linux_proc_find_elf in order to traverse this file after dropping the privileges. ___ elfutils-devel mailing list -- elfutils-devel@lists.fedorahosted.org To unsubscribe send an email to elfutils-devel-le...@lists.fedorahosted.org
Re: Trying not call elfutils functions in ABRT under root
Hi Adam, On Wed, 2016-11-30 at 08:00 +, Adam Sulc wrote: > im using elfutils in ABRT program specifically when generating > core_backtrace. According to this > https://github.com/abrt/abrt/issues/890 post, it is not a good idea > using elfutils under root. So I have tried moving as much elfutils > function calls to non-root process as possible. That means the parent > process is forked and in child process there are opened necessary > files: > [...] > Is there any way how I can pass the opened files to elfutils > functions? Especially for "/etc/[tid]/mem" which is needed in > dwfl_linux_proc_find_elf that is part of Dwfl_Callbacks proc_cb ? You wrote /etc, but I assume you meant /proc files. Instead of using dwfl_linux_proc_report you can use dwfl_linux_proc_maps_report which you can pass a file. But some of the other proc files might be opened by the library itself if necessary when working on an running process. If you change the UID to the user running that process you should still be able to open those files. Alternatively if you ptace attach to that process before dropping privileges the library should be able to access those (in theory, I didn't actually try that myself - you might be able to just run dwfl_linux_proc_attach as root, or maybe do the ptrace attach by hand and stop the thread under inspection before dropping privileges and call dwfl_linux_proc_attach with assume_ptrace_stopped = true). Cheers, Mark ___ elfutils-devel mailing list -- elfutils-devel@lists.fedorahosted.org To unsubscribe send an email to elfutils-devel-le...@lists.fedorahosted.org
Trying not call elfutils functions in ABRT under root
Hello, im using elfutils in ABRT program specifically when generating core_backtrace. According to this https://github.com/abrt/abrt/issues/890 post, it is not a good idea using elfutils under root. So I have tried moving as much elfutils function calls to non-root process as possible. That means the parent process is forked and in child process there are opened necessary files: https://github.com/xsulca00/abrt/blob/iss%23890/src/hooks/abrt-hook-ccpp.c#L1321 https://github.com/xsulca00/satyr/blob/iss%23890/lib/core_unwind_elfutils.c#L242 and then UID and GID of child is changed and then I can call elfutils in this function: https://github.com/xsulca00/abrt/blob/iss%23890/src/hooks/abrt-hook-ccpp.c#L1361 https://github.com/xsulca00/satyr/blob/iss%23890/lib/core_unwind_elfutils.c#L392 Is there any way how I can pass the opened files to elfutils functions? Especially for "/etc/[tid]/mem" which is needed in dwfl_linux_proc_find_elf that is part of Dwfl_Callbacks proc_cb ? Current problem im solving is int dwfl_linux_proc_find_elf function: https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L372 where : https://github.com/xsulca00/elfutils-for-satyr/blob/satyr_dwfl_linux_proc_report/libdwfl/linux-proc-maps.c#L429#L439 s hard-coded opening "/proc/%d/mem" file. Is there any way, how to open this file "/proc/%d/mem" under root and then pass the opened file to this function in order to avoid running "dwfl_linux_proc_find_elf" function under root? Thank you ___ elfutils-devel mailing list -- elfutils-devel@lists.fedorahosted.org To unsubscribe send an email to elfutils-devel-le...@lists.fedorahosted.org