don't run elfutils as root in ABRT

Mark Wielaard mark@klomp.org
Tue May 9 12:25:00 GMT 2017


Hi Adam,

On Fri, 2017-05-05 at 18:25 +0200, Adam Šulc wrote:
> I work on ABRT improvement in order to increase security related to
> core backtrace generating using elfutils library.
> Here is a short description of my problem:
> 
> Goal is to not call base code in elfutils and gdb functions under root.
> If you are more interested you can read more there:
> https://github.com/abrt/abrt/issues/890
>
> We need root for opening /proc files only.

And, depending on system settings, for ptrace attach or other
interprocess services like reading memory with process_vm_read.

> First, we open these files under root,
> then we drop capabilities & privileges and finally, we generate core_backtrace.

If you just drop privileges to the user owning the process you should
keep having access.

> We have one problem that still persists, we need to pass the opened
> /proc/[tid]/mem file to this function:
> dwfl_linux_proc_find_elf
> Because this function opens the /proc/[tid]/mem file itself, thus it
> is hard coded and we cannot pass our /proc/[tid]/mem file pointer:
> https://github.com/abrt/satyr/blob/master/lib/core_unwind_elfutils.c#L246
> So we don't know how to pass the opened file to this function.
> 
> Do you have any idea how to pass the open file descriptor into the
> function? Or what is the best way how to achieve this?

You cannot easily unless you write your own Dwfl_Callbacks.find_elf
handler. But as long as you only drop privileges to the user owning the
process you should be able to open that file.

Note that this code path should only be called if the ELF module
couldn't be found on the file system. In that case it will try to slurp
it from the process memory. Does that fallback path not work as intended
for your setup?

Cheers,

Mark
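
The sequence discussed in this thread (open /proc/[tid]/mem while root, then drop to the user owning the process before any unwinding code runs), as an added C example that is not part of the original message and is not ABRT, satyr or elfutils code. The helper names `proc_owner`, `drop_to` and `open_mem_then_drop` are hypothetical.

```c
/* Added example: open /proc/<pid>/mem while privileged, then drop to owner. */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The owner of a process is the owner of its /proc/<pid> directory. */
int proc_owner(pid_t pid, uid_t *uid, gid_t *gid)
{
    char path[64];
    struct stat st;
    snprintf(path, sizeof path, "/proc/%ld", (long)pid);
    if (stat(path, &st) != 0)
        return -1;
    *uid = st.st_uid;
    *gid = st.st_gid;
    return 0;
}

/* Permanently become uid/gid; returns 0 on success, -1 on failure. */
int drop_to(uid_t uid, gid_t gid)
{
    if (getuid() == uid && geteuid() == uid && getegid() == gid)
        return 0;                       /* already running as the owner */
    if (geteuid() != 0)
        return -1;                      /* cannot switch without root */
    /* Order matters: supplementary groups, then gid, then uid. As root,
     * setgid/setuid replace the real, effective and saved IDs. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;  /* must not regain root */
}

/* Hypothetical helper: fd for /proc/<pid>/mem opened before the drop. */
int open_mem_then_drop(pid_t pid)
{
    char path[64];
    uid_t uid; gid_t gid;
    snprintf(path, sizeof path, "/proc/%ld/mem", (long)pid);
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd >= 0 && (proc_owner(pid, &uid, &gid) != 0 || drop_to(uid, gid) != 0)) {
        close(fd);
        fd = -1;
    }
    return fd;
}
```

The returned descriptor is the only thing that carries over from the privileged phase; everything that parses ELF or DWARF data runs after `drop_to` has succeeded.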


