[PATCH 2/2] GDB test suite: Get core files on targets with systemd-coredump
Andreas Arnez
arnez@linux.vnet.ibm.com
Wed Oct 18 15:56:00 GMT 2017
On Tue, Oct 17 2017, Pedro Alves wrote:
> On 10/17/2017 06:36 PM, Andreas Arnez wrote:
[...]
>> This might be the right trade-off if we expect test cases to be executed
>> only on systems that the user has full control over. But I consider
>> this restriction too tight and would prefer a "best effort" approach
>> instead. Maybe we should emit a warning *and* try our best to execute
>> the test?
>
> Not sure, really. It seems like the "best effort" results in
> racy tests, e.g., if "coredumpctl" returns an old dump, or
> if coredumpctl decides to rate-limit core dump generation (which
> according to the docs, it does). It very much sounds like that
> can lead to hard to diagnose problems and send GDB hackers tilting
> at windmills.
That might be. However, the same problems may affect *any* coredumpctl
user, not just the GDB test suite. And coredumpctl users are *our*
users, after all. Maybe we should postpone GDB test suite support for
systemd-coredump until these problems are fixed. But if all "informed
developers" just give up and disable systemd-coredump, I fear that they
will never be addressed.
>
>>
>>> I mean, you already have to tweak other things in the system in
>>> order to be able to run the testsuite correctly. For example,
>>> you have to tweak /proc/sys/kernel/yama/ptrace_scope to make
>>> attach tests work at all, for example. systemd-coredump kind of
>>> seems like more of the same.
>>
>> So should we document a sequence of admin commands that makes a system
>> debug-ready, or in particular ready for the GDB test suite?
>
> IMO, yes. We already have something like that, but it's mixed with
> the instructions for setting up builders:
>
> https://sourceware.org/gdb/wiki/BuildBot#Fedora-specific_instructions
>
> (Note we already suggest disabling ABRT and tweaking
> kernel.core_pattern.)
>
> It'd be great to move that info to some specific page about setting
> up an environment for developing and testing GDB. Also, some of
> the command sequences there could move to scripts under gdb/contrib/,
> IMHO.
Yeah, that would be good.
>
>>
>> But I'm not so sure about this. IMHO a default mainstream Linux
>> installation should be suited for development- and debugging purposes
>> *without* any tweaking. Also, if there are good reasons for a security
>> measure, we shouldn't rely on disabling it globally.
>
> I think that battle is lost.
That surely sounds depressing... I guess I'm late to the battlefield
then ;-)
> Mainstream Linux installations are already very much not suited for
> development OOTB. You have to install a bunch of development packages
> that are not installed by default, before you can build anything,
> including compiler, etc. If you can install packages, then you can
> also disable a few features that really are not meant for development
> environments. What we're missing is a simple "one-click button" way
> to adapt an installation / user environment for development.
Let me just point out that I see a difference between installing
additional packages and disabling security measures. Admins might be
easily convinced to do the former, but there will probably be more push
back on the latter. A "one-click button" would not really help with
that.
And all this sounds as if developers were no longer seen as a target
group of a Fedora distribution, say. On the other hand -- quote --:
"Fedora Workstation is a polished, easy to use operating system for
laptop and desktop computers, with a complete set of tools for
developers and makers of all kinds."
>
>>
>> With respect to Yama's ptrace scope, the distributions seem to differ.
>> For instance, Fedora does not activate it by default
>> (https://fedoraproject.org/wiki/Security_Features_Matrix), while Ubuntu
>> does (https://wiki.ubuntu.com/Security/Features). And I wonder whether
>> this feature couldn't be adjusted to be more debug-friendly either.
>
> The whole point of the feature is to prevent debugging, so I don't
> see how, off hand.
Well, I think the goal is to prevent visibility of sensitive data like
passwords and keys through ptrace -- which is a fair point. But does
this really require disabling ptrace from "non-ancestor" processes
completely? It just seems to me that the collateral damage to debug
capabilities was accepted too easily in this design.
[...]
Anyway, regarding GDB test suite support for systemd-coredump, I won't
push too hard. While I have a slight preference towards "best effort",
I understand your concern with possible surprises. So I'm fine with
dropping this patch. Patch #1 in this series might still be useful, so
I'll send an updated version of it.
--
Andreas
More information about the Gdb-patches
mailing list