This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH v2] gdbserver: linux_low: elf_64_file_p cache results
- From: Pedro Alves <palves at redhat dot com>
- To: Jon Ringle <jon at ringle dot org>
- Cc: gdb-patches at sourceware dot org, Jon Ringle <jringle at gridpoint dot com>
- Date: Thu, 24 Aug 2017 15:53:29 +0100
- Subject: Re: [PATCH v2] gdbserver: linux_low: elf_64_file_p cache results
- Authentication-results: sourceware.org; auth=none
- Authentication-results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=palves at redhat dot com
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4362DC03BD73
- References: <1503549910-24770-1-git-send-email-jon@ringle.org> <402cb282-9cd1-2725-f6de-ec5f9eb15e0d@redhat.com> <CAMwGMjwPzZd-P8KRrjY6-mowkPbOLX+JTz-yL2W=N63q7BkzzA@mail.gmail.com> <b0b54d2c-49d4-a8a9-dd6a-458a48039332@redhat.com>
On 08/24/2017 03:42 PM, Pedro Alves wrote:
> I'm still mystified about why can't gdbserver read
> the file after "droproot" has changed user.
> I assume gdbserver is running as root? Why wouldn't
> a gdbserver running as root be able to read "jringle"'s
> /proc file?
>
> Does CAP_PTRACE make a difference?
FAOD, I meant CAP_SYS_PTRACE.
See for example here:
http://man7.org/linux/man-pages/man5/proc.5.html
~~~
/proc/[pid]/exe
...
Permission to dereference or read (readlink(2)) this symbolic
link is governed by a ptrace access mode
PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
~~~
[and follow on to ptrace(2).]
>
> I have to wonder whether there's a better way to do this..
> gdbserver needs to read other /proc files, some not cacheable.
> I fear that you may have run into just one case so far, and
> that we may run into problems if we take this route.
Thanks,
Pedro Alves