clang: check header ownership #4928
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
brendangregg
requested review from
drzaeus77,
yonghong-song,
4ast and
davemarchevsky
as code owners
jordalgo
reviewed
Mar 6, 2024
| int ret; | ||
| if ((ret = stat(f, &buffer)) == 0) { | ||
| if (buffer.st_uid != uid) { | ||
| std::cout << "ERROR: header file ownership unexpected: " << std::string(f) << "\n"; |
There was a problem hiding this comment.
Nit: is it useful to also print out the expected uid and the one in the file: st_uid?
There was a problem hiding this comment.
I think this is close enough: says this filename has this type of error. End-user should likely see this and run ls -l. There's related codepaths that can error with no such hint, which is pretty hard to debug, which is why I put a big clue in. :-)
|
Do we need to check the ld cache ownership too? https://github.com/iovisor/bcc/blob/master/src/cc/bcc_proc.c#L400 |
|
Thanks, although the ld cache is only in /etc, right? /etc should already be locked down, so we wouldn't need to check. If unprivileged users can create files in /etc, I imagine there's a ton of other issues. |
jordalgo
approved these changes
Mar 6, 2024
3 tasks
|
I'm afraid this is not fixed yet. The example above fails only because it does not contain the include/linux/kconfig.h file. |
jeromemarchand
added a commit
to jeromemarchand/bcc
that referenced
this pull request
May 6, 2024
file_exists_and_ownedby() returns -1 when the file exists but its ownership is unexpected, which is very misleading since anything non zero is interpreted as true and a function with such a name is expected to return a boolean. So currently all this does, is write a warning message, and continues as if nothing is wrong. Make file_exists_and_ownedby() returns false when the ownership is wrong and have get_proc_kheaders() fails when this happen. Also have all the *exists* functions return bool to avoid such issues in the future. Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
jeromemarchand
added a commit
to jeromemarchand/bcc
that referenced
this pull request
May 6, 2024
file_exists_and_ownedby() returns -1 when the file exists but its ownership is unexpected, which is very misleading since anything non zero is interpreted as true and a function with such a name is expected to return a boolean. So currently all this does, is write a warning message, and continues as if nothing is wrong. Make file_exists_and_ownedby() returns false when the ownership is wrong and have get_proc_kheaders() fails when this happen. Also have all the *exists* functions return bool to avoid such issues in the future. Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
yonghong-song
pushed a commit
that referenced
this pull request
May 8, 2024
file_exists_and_ownedby() returns -1 when the file exists but its ownership is unexpected, which is very misleading since anything non zero is interpreted as true and a function with such a name is expected to return a boolean. So currently all this does, is write a warning message, and continues as if nothing is wrong. Make file_exists_and_ownedby() returns false when the ownership is wrong and have get_proc_kheaders() fails when this happen. Also have all the *exists* functions return bool to avoid such issues in the future. Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
jeromemarchand
added a commit
to jeromemarchand/bcc
that referenced
this pull request
May 16, 2024
file_exists_and_ownedby() returns -1 when the file exists but its ownership is unexpected, which is very misleading since anything non zero is interpreted as true and a function with such a name is expected to return a boolean. So currently all this does, is write a warning message, and continues as if nothing is wrong. Make file_exists_and_ownedby() returns false when the ownership is wrong and have get_proc_kheaders() fails when this happen. Also have all the *exists* functions return bool to avoid such issues in the future. Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
yonghong-song
pushed a commit
that referenced
this pull request
May 17, 2024
file_exists_and_ownedby() returns -1 when the file exists but its ownership is unexpected, which is very misleading since anything non zero is interpreted as true and a function with such a name is expected to return a boolean. So currently all this does, is write a warning message, and continues as if nothing is wrong. Make file_exists_and_ownedby() returns false when the ownership is wrong and have get_proc_kheaders() fails when this happen. Also have all the *exists* functions return bool to avoid such issues in the future. Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
dkruces
pushed a commit
to dkruces/bcc
that referenced
this pull request
Nov 28, 2024
Example testing with a brendan-owned /tmp/kheaders file (note the "ERROR:" message):
~/bcc/build$ sudo /usr/share/bcc/tools/biosnoop
ERROR: header file ownership unexpected: /tmp/kheaders-5.15.47-internal
<built-in>:1:10: fatal error: './include/linux/kconfig.h' file not found
#include "./include/linux/kconfig.h"
^~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
Traceback (most recent call last):
File "/usr/share/bcc/tools/biosnoop", line 335, in <module>
b = BPF(text=bpf_text)
File "/usr/lib/python3/dist-packages/bcc-0.1.5+6cd27218-py3.10.egg/bcc/__init__.py", line 479, in __init__
Exception: Failed to compile BPF module <text>
~/bcc/build$ ls -lhd /tmp/kheaders-5.15.47-internal
drwxrwxr-x 2 brendan dev 4.0K Mar 6 02:50 /tmp/kheaders-5.15.47-internal
No error when chown'd back to root.
dkruces
pushed a commit
to dkruces/bcc
that referenced
this pull request
Nov 28, 2024
…sor#4985) file_exists_and_ownedby() returns -1 when the file exists but its ownership is unexpected, which is very misleading since anything non zero is interpreted as true and a function with such a name is expected to return a boolean. So currently all this does, is write a warning message, and continues as if nothing is wrong. Make file_exists_and_ownedby() returns false when the ownership is wrong and have get_proc_kheaders() fails when this happen. Also have all the *exists* functions return bool to avoid such issues in the future. Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Example testing with a brendan-owned /tmp/kheaders file (note the "ERROR:" message):
No error when chown'd back to root.