[Bug 1860822] Re: ptrace fails with yama/ptrace_scope=0
Seth, thank you kindly for your prompt and clear answer. I modified server.c and confirm that gdb can now attach to the child process.

Although prctl(PR_SET_DUMPABLE, 1) has no effect (and returns 0!) when called before resetting privileges, it works after the gid has been reset to the debugging process's gid. I see where it's documented now. PR_SET_DUMPABLE is not mentioned in /etc/sysctl.d/10-ptrace.conf, but ptrace_scope in procfs(5) refers us to ptrace(2), which says, under PTRACE_ATTACH, "Processes that are not dumpable ... can not be attached via ptrace(2) PTRACE_ATTACH." The elided text refers to prctl(2), wherein the description of PR_SET_DUMPABLE describes how processes come to have their dumpable flag reset to 0. It's all there if you know where to look.

Yet that's a bit thin, isn't it? I missed it, and my question on SO failed to elicit any pointer to PR_SET_DUMPABLE.

IMO the gdb message in response to failing to attach is too wordy and basic. The focus on ptrace is almost misdirection, insofar as PTRACE_ATTACH is controlled by the union of ptrace_scope and the dumpable flag.

I'm not sure what to suggest. A note in the gdb man page would be good. Maybe best would be a file in /usr/share/doc/linux-doc describing debugging, dumpability, and ptrace from a programmer's point of view. ISTM one shouldn't have to understand the ptrace(2) syscall to use gdb on running processes.

Thanks again for your help.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1860822

Title:
  ptrace fails with yama/ptrace_scope=0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1860822/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
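
The ordering described in the message above, as an added example that is not part of the original post or of the attached server.c: the setgid group is given up first, and only then is PR_SET_DUMPABLE set and read back. The function names dumpable_state, yama_scope and drop_gid are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Dumpable flag of the calling process: 0, 1 or 2; -1 on error. */
int dumpable_state(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Yama ptrace_scope value, or -1 if the file is absent or unreadable. */
int yama_scope(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f) {
        if (fscanf(f, "%d", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

/*
 * Give up the setgid group, then optionally make the process attachable.
 * Order matters: per prctl(2) the kernel resets the dumpable flag when the
 * effective gid changes, so PR_SET_DUMPABLE must come after setregid().
 * Leave allow_debug off if the privileged phase left secrets in memory:
 * a dumpable process can be attached and core-dumped by same-uid processes.
 * Returns the resulting dumpable flag, or -1 on error.
 */
int drop_gid(int allow_debug)
{
    gid_t rgid = getgid();

    if (setregid(rgid, rgid) == -1 || getegid() != rgid)
        return -1;
    if (allow_debug && prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1)
        return -1;
    return dumpable_state();
}

int main(void)
{
    printf("ptrace_scope=%d dumpable(before)=%d\n",
           yama_scope(), dumpable_state());
    printf("dumpable(after drop, debug on)=%d\n", drop_gid(1));
    return 0;
}
```

Reading the flag back with PR_GET_DUMPABLE is the check that matters, since the set call returning 0 does not by itself show the process is attachable.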
[Bug 1860822] [NEW] ptrace fails with yama/ptrace_scope=0
Public bug reported:

I cannot attach to a process with gdb despite setting ptrace_scope to 0. The process has no capabilities, and is running under my uid & gid.

The process is a child, forked from a privileged program that has divested itself of its parent's privileges. The parent is setgid and has some capabilities. None of that is true of the child.

First, the OS:

    $ lsb_release -rd
    Description:Ubuntu 16.04 LTS
    Release:16.04

The ptrace setting:

    $ nl /proc/sys/kernel/yama/ptrace_scope
         1  0

Me:

    $ echo uid: $(id -u) gid: $(id -g)
    uid: 1000 gid: 1000

The test program (source included with this PR):

    $ ls -ln server
    -rwxrwsr-x 1 1000 1002 17760 Jan 24 17:30 server
    $ getcap server
    server = cap_dac_read_search,cap_sys_ptrace+ep

Please note it is setgid to the group 1002, not my gid.

The "server" program forks a child. That child

1. reports its uid and gid: effective, real, and saved, and its capabilities
2. removes its capabilities with cap_set_proc and disclaims its gid with setregid(getgid(), getgid())
3. reports its uid and gid, and capabilities again
4. pauses with pause(2).

Although the child reports everything is in order, gdb still cannot attach to it.

To facilitate testing, the child writes its pid to a fifo named on the command line. That lets the following script read the pid from the fifo and conveniently demonstrate the whole problem:

[snip]
    $ echo q | sh -x ./run
    + set -e
    + rm -f fifo
    + mkfifo fifo
    + ./server fifo
    child 18876 paused awaiting SIGCONT
    inherited: user 1000, euser 1000
    inherited: group 1000, egroup 1002
    inherited: ruid 1000, euid 1000, suid 1000
    inherited: rgid 1000, egid 1002, sgid 1002
    inherited capabilities: '= cap_dac_read_search,cap_sys_ptrace+ep'
    new: user 1000, euser 1000
    new: group 1000, egroup 1000
    new: ruid 1000, euid 1000, suid 1000
    new: rgid 1000, egid 1000, sgid 1000
    new capabilities: '='
    + read pid
    + echo child is 18876
    child is 18876
    + gdb -q -p 18876
    Attaching to process 18876
    Could not attach to process. If your uid matches the uid of the target
    process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
    again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf
    ptrace: Operation not permitted.
    (gdb) + kill -s CONT 18876
    child exited
[pins]

This appears to be a bug that affects everyone using gdb on Ubuntu. If so, many dealing with privileged processes are working around it by running gdb as root. It's not clear to me that's an improvement on the status quo ante, before the ptrace_scope control was introduced.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-169-generic 4.4.0-169.198
ProcVersionSignature: Ubuntu 4.4.0-169.198-generic 4.4.197
Uname: Linux 4.4.0-169-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.21
Architecture: amd64
Date: Fri Jan 24 17:03:29 2020
InstallationDate: Installed on 2016-07-15 (1288 days ago)
InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.3)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: linux-signed
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: linux-signed (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug xenial

** Attachment added: "Makefile, test program, and script to demonstrate"
   https://bugs.launchpad.net/bugs/1860822/+attachment/5322687/+files/cap.tar

[Bug 1836219] [NEW] pidfile_close prevents pidfile_remove from working
Public bug reported:

The whole pidfile_xxx suite, besides being unnecessarily complicated compared to 1 function in NetBSD, does not do what it says on the tin.

Complications. 4 functions instead of one. pidfile_open requires pidptr, but doesn't use it. The other functions require an argument that the documentation says isn't needed, but is.

Error. Most important, pidfile_close modifies its argument such that pidfile_remove can't use it: both the file descriptor and the name are destroyed.

The following program and associated output illustrates the problem.

    #include <bsd/libutil.h>
    #include <err.h>
    #include <stdio.h>
    #include <stdlib.h>

    /* Print the descriptor and path held in the pidfile handle. */
    void
    show_pfh( const char func[], struct pidfh * pfh ) {
      printf( "%s: fh = %d, name = %s\n", func, pfh->pf_fd, pfh->pf_path );
    }

    int
    main(int argc, char *argv[])
    {
      pid_t pid;
      struct pidfh * pfh = pidfile_open("/tmp/foo.pid", 0644, &pid);

      if( !pfh ) {
        err(EXIT_FAILURE, "pidfile_open");
      }
      show_pfh("open", pfh);

      if( -1 == pidfile_write(pfh) ) {
        err(EXIT_FAILURE, "pidfile_write");
      }
      show_pfh("write", pfh);

      if( -1 == pidfile_close(pfh) ) {
        err(EXIT_FAILURE, "pidfile_close");
      }
      show_pfh("close", pfh);

      /* The handle is reused here after pidfile_close, as in the report. */
      if( -1 == pidfile_remove(pfh) ) {
        err(EXIT_FAILURE, "pidfile_remove");
      }
      show_pfh("remove", pfh);

      return 0;
    }

    $ ./pid
    open: fh = 3, name = /tmp/foo.pid
    write: fh = 3, name = /tmp/foo.pid
    close: fh = 0, name =
    pid: pidfile_remove: Invalid argument

    $ grep -iE 'name|version' /etc/os-release
    NAME="Ubuntu"
    VERSION="16.04 LTS (Xenial Xerus)"
    PRETTY_NAME="Ubuntu 16.04 LTS"
    VERSION_ID="16.04"
    UBUNTU_CODENAME=xenial

    $ gcc --version | grep ^gcc
    gcc (Ubuntu 5.4.0-6ubuntu1~16.04.11) 5.4.0 20160609

    $ ldd pid
    linux-vdso.so.1 => (0x7fffc79b6000)
    libbsd.so.0 => /lib/x86_64-linux-gnu/libbsd.so.0 (0x7f72ee343000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f72edf79000)
    /lib64/ld-linux-x86-64.so.2 (0x7f72ee558000)

** Affects: libbsd (Ubuntu)
     Importance: Undecided
         Status: New

Re: [Bug 1736295] Re: awk script to render mdoc from man pages
On Thu, 07 Dec 2017 23:30:06 - Joshua Powers wrote:

> Matt was kind enough to respond, here is what he said:
>
> ---
> Unfortunately development of Eucalyptus from an official corporate
> capacity has been halted. Since it's an open source project, anyone
> can contribute PRs using github. The euca2ools github repository is
> at: https://github.com/eucalyptus/euca2ools
> ---
>
> @jkl is proposing a merge on github something you would be willing to
> do?

Yes, can do. This way, the script will be available to anyone who wants it. It doesn't sound like the euca2ools project any longer has interest in producing mdoc man pages, but since it came up early in my search for such a conversion tool, someone else looking for one may find it there.

Many thanks for your diligence.

--jkl

Re: [Bug 1736295] Re: awk script to render mdoc from man pages
On Thu, 07 Dec 2017 07:41:19 - ChristianEhrhardt <1736...@bugs.launchpad.net> wrote:

> But I tried to contribute or even ping there for you

Thank you for your efforts, Christian. Much obliged.

--jkl

Re: [Bug 1736295] Re: awk script to render mdoc from man pages
On Wed, 06 Dec 2017 16:51:11 - Joshua Powers wrote:

> My suggestion is to open an account on the upstream atlassian site you
> linked to and submit a comment there with your fix. We only track
> ubuntu bugs here it would be better if your work were included
> directly in the upstream source

Hi Joshua,

Thanks, but I hereby give up. I tried to open an account there. I think I *did* create an account, but that doesn't give me access to that project.

I wrote the script. I posted it. The project doesn't offer any contact information, let alone an email address. If they want any help, they have an odd way of showing it.

If some human being contacts me with a willingness to work, instead of bureaucratic blah-di-blah, I'll be happy to get involved. But filling out forms and opening useless accounts is why I left corporate America.

Kind regards,

--jkl

[Bug 1736295] [NEW] awk script to render mdoc from man pages
Public bug reported:

The attached awk script converts Help2Man output (troff -man macros) to mdoc. The results aren't perfect, but the script alleviates a lot of the tedium in the conversion.

I would be willing to improve the script for the project's benefit if the development team finds it useful. It's my understanding this is an important outstanding TODO for the project, per https://eucalyptus.atlassian.net/projects/TOOLS/issues/TOOLS-677?filter=allopenissues.

** Affects: euca2ools (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "man2mdoc"
   https://bugs.launchpad.net/bugs/1736295/+attachment/5018569/+files/man2mdoc

[Bug 1672058] [NEW] vis/unvis utilities missing from libbsd-dev
Public bug reported:

    $ man vis | sed -ne '/SEE/,/^$/p'
    SEE ALSO
         unvis(1), vis(1), snprintf(3), strlcpy(3), unvis(3)

The libbsd-dev package includes the man pages for the library functions, and those pages refer to command-line utilities that are not included in the package. AFAICT, these utilities are not available in any Ubuntu package.

It would be preferable to include the utilities, because it makes working with the library easier. If the utilities are not to be included for some reason, the man pages should exclude them from SEE ALSO, which is a blind alley. It would be a kindness to the user to mention them (perhaps in a NOTES section) with a pointer to a known source such as the NetBSD archive.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: libbsd-dev 0.8.2-1
ProcVersionSignature: Ubuntu 3.13.0-63.103-generic 3.13.11-ckt25
Uname: Linux 3.13.0-63-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.4
Architecture: amd64
Date: Sat Mar 11 12:17:47 2017
Dependencies:
 gcc-6-base 6.0.1-0ubuntu1
 libbsd0 0.8.2-1
 libc6 2.23-0ubuntu5
 libgcc1 1:6.0.1-0ubuntu1
InstallationDate: Installed on 2012-10-22 (1600 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: libbsd
UpgradeStatus: Upgraded to xenial on 2016-12-15 (86 days ago)

** Affects: libbsd (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug xenial

[Bug 1053562] [NEW] no man page for syslogd
Public bug reported:

    $ man syslogd
    No manual entry for syslogd

It would be nice if /usr/share/man/man8/rsyslogd.8.gz were hard-linked to /usr/share/man/man8/syslogd.8.gz. The user seeking documentation shouldn't have to remember, oh, right, on Ubuntu it's *r*syslogd. I briefly thought there was no logger daemon.

    $ uname -rv
    3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012

I'm using LTS 12.04.

** Affects: ubuntu
     Importance: Undecided
         Status: New