From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Subject: Re: [PATCH] Add UNSUPPORTED check in elf/tst-pldd.
Date: Tue, 27 Aug 2019 12:06:06 -0300 [thread overview]
Message-ID: <d70954b6-e749-5546-bcfd-509a597b8a14@linaro.org> (raw)
In-Reply-To: <fbb0d1e8-4f39-59ed-801c-d53e14d0320a@linux.ibm.com>
On 27/08/2019 07:19, Stefan Liebler wrote:
> Hi,
>
> the testcase forks a child process and runs pldd with PID of
> this child. On systems where /proc/sys/kernel/yama/ptrace_scope
> differs from zero, pldd will fail with
> /usr/bin/pldd: cannot attach to process 3: Operation not permitted
>
> This patch checks if ptrace_scope is zero and otherwise marks the
> test as UNSUPPORTED.
>
> Bye
> Stefan
>
> ChangeLog:
>
> * elf/tst-pldd.c (do_test): Add UNSUPPORTED check.
>
> 20190826_tst-pldd.patch
>
> commit 9c0b03c38bdd31618909da46b8bd4e09b5a236d2
> Author: Stefan Liebler <stli@linux.ibm.com>
> Date: Mon Aug 26 15:45:07 2019 +0200
>
> Add UNSUPPORTED check in elf/tst-pldd.
>
> The testcase forks a child process and runs pldd with PID of
> this child. On systems where /proc/sys/kernel/yama/ptrace_scope
> differs from zero, pldd will fail with
> /usr/bin/pldd: cannot attach to process 3: Operation not permitted
>
> This patch checks if ptrace_scope is zero and otherwise marks the
> test as UNSUPPORTED.
>
> ChangeLog:
>
> * elf/tst-pldd.c (do_test): Add UNSUPPORTED check.
>
> diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
> index 6b7c94a1c0..3f211dc342 100644
> --- a/elf/tst-pldd.c
> +++ b/elf/tst-pldd.c
> @@ -52,6 +52,24 @@ in_str_list (const char *libname, const char *const strlist[])
> static int
> do_test (void)
> {
> + /* Check if all processes can be debugged with ptrace. */
> + {
> + FILE *f = fopen ("/proc/sys/kernel/yama/ptrace_scope", "r");
> + if (f != NULL)
> + {
> + /* If ptrace_scope exists, then it has to be 0 which means
> + "classic ptrace permissions". A process can PTRACE_ATTACH
> + to any other process running under the same uid, as long as
> + it is dumpable. Otherwise pldd will fail to attach to the
> + subprocess. */
> + int i = 99;
> + fscanf (f, "%d", &i);
> + fclose (f);
> + if (i != 0)
> + FAIL_UNSUPPORTED ("/proc/sys/kernel/yama/ptrace_scope != 0");
> + }
> + }
> +
This is a Linuxism and I think we should create a 'support_can_ptrace' similar
to 'support_can_chroot'. The logic to detect it seems correct, I would just
check fscanf returned to value and use xfclose. It would be something like
bool
support_can_ptrace (void)
{
bool ret = true;
#ifdef __linux__
/* YAMA may be not enabled. If it is then ptrace_scope it has to be 0
which means "classic ptrace permissions". A process can
PTRACE_ATTACH to any other process running under the same uid, as
long as it is dumpable. Otherwise pldd will fail to attach to the
subprocess. */
FILE *f = fopen ("/proc/sys/kernel/yama/ptrace_scope", "r");
if (f == NULL)
return true;
int i = 99;
TEST_COMPARE (fscanf (f, "%d", &i), 1);
xfclose (f);
ret = i == 0;
#endif
return ret;
}
And I think we might eventually need to handle seccomp as well.
> /* Create a copy of current test to check with pldd. */
> struct support_subprocess target = support_subprocess (target_process, NULL);
>
>
next prev parent reply other threads:[~2019-08-27 15:06 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-27 10:19 [PATCH] Add UNSUPPORTED check in elf/tst-pldd Stefan Liebler
2019-08-27 15:06 ` Adhemerval Zanella [this message]
2019-08-27 15:14 ` Florian Weimer
2019-08-27 19:11 ` Adhemerval Zanella
2019-08-28 9:06 ` Stefan Liebler
2019-08-28 9:24 ` Florian Weimer
2019-08-28 14:42 ` Stefan Liebler
2019-08-29 8:47 ` Florian Weimer
2019-09-02 15:28 ` Stefan Liebler
2019-09-17 13:31 ` Adhemerval Zanella
2019-09-17 15:17 ` Stefan Liebler
2019-09-18 10:45 ` Stefan Liebler
2019-09-18 15:17 ` Joseph Myers
2019-09-19 10:28 ` Stefan Liebler
2019-09-02 19:37 ` Adhemerval Zanella
2019-09-03 6:30 ` Stefan Liebler
2019-09-03 13:34 ` Adhemerval Zanella
2019-09-06 3:21 ` Carlos O'Donell
2019-09-10 8:46 ` Stefan Liebler
2019-09-10 13:32 ` Adhemerval Zanella
2019-09-11 7:05 ` Stefan Liebler
2019-08-28 12:19 ` Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/libc/involved.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d70954b6-e749-5546-bcfd-509a597b8a14@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).