This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Removed unneeded access().


On Jun 13, 2012, at 8:13 PM, Josh Stone wrote:

> On 06/13/2012 05:01 AM, Pasi Savanainen wrote:
>> * ctl.c: access() is not needed because previous open() will fail
>> if user has no read write accees to a command channel file.
> 
> Sorry, this is not true, because staprun is setuid-root.  The open()
> should always succeed if the file exists, due to the effective UID 0,
> but access() is making sure that the *real* UID (of the original user)
> also has permissions for that file.
> 
Yes, very true. I did't think about that.

Actually my real problem was not an error message but it hides the fact from me that that 
loaded module couldn't be unloaded by staprun anymore. I had to manually remove the module.

> Later when the control channel is opened by stapio, your statement about
> open() and access() is true, but we must be careful with staprun.
> 
>> Actually existance of access() check generates a misleading error:
>> "Error, 'stap_26013' (stap_26013) is not a zombie systemtap module."
>> when stap is runned by regular user (stapusr group)
>> and /sys/kernel/debug is mounted as 0700.
> 
> This is true - regular users won't be able to reach anything underneath
> if debugfs is mounted this way.  My first thought is, "Don't do that!"
> 

I'm running Ubuntu 11.10 and it mounts debugfs by default as 0700.

Br,

Pasi


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]