This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: [PATCH] Removed unneeded access().
On Jun 13, 2012, at 8:13 PM, Josh Stone wrote:
> On 06/13/2012 05:01 AM, Pasi Savanainen wrote:
>> * ctl.c: access() is not needed because previous open() will fail
>> if user has no read write accees to a command channel file.
>
> Sorry, this is not true, because staprun is setuid-root. The open()
> should always succeed if the file exists, due to the effective UID 0,
> but access() is making sure that the *real* UID (of the original user)
> also has permissions for that file.
>
Yes, very true. I did't think about that.
Actually my real problem was not an error message but it hides the fact from me that that
loaded module couldn't be unloaded by staprun anymore. I had to manually remove the module.
> Later when the control channel is opened by stapio, your statement about
> open() and access() is true, but we must be careful with staprun.
>
>> Actually existance of access() check generates a misleading error:
>> "Error, 'stap_26013' (stap_26013) is not a zombie systemtap module."
>> when stap is runned by regular user (stapusr group)
>> and /sys/kernel/debug is mounted as 0700.
>
> This is true - regular users won't be able to reach anything underneath
> if debugfs is mounted this way. My first thought is, "Don't do that!"
>
I'm running Ubuntu 11.10 and it mounts debugfs by default as 0700.
Br,
Pasi