From: Peter Zijlstra <a.p.zijlstra@chello.nl>
To: Ingo Molnar <mingo@elte.hu>, Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
Mike Galbraith <efault@gmx.de>,
linux-kernel@vger.kernel.org,
Peter Zijlstra <a.p.zijlstra@chello.nl>
Subject: [PATCH 3/4] perf tools: Check perf.data owner
Date: Wed, 19 Aug 2009 11:18:26 +0200
Message-ID: <20090819092023.896648538@chello.nl>
In-Reply-To: 20090819091823.916851355@chello.nl
[-- Attachment #1: perf-tool-check-uid.patch --]
[-- Type: text/plain, Size: 2900 bytes --]
Add an owner check to opening perf.data files and a switch to silence
it.
Because perf-report/perf-annotate are binary parsers, reading another
user's perf.data file could be a security risk if the file were
explicitly engineered to trigger bugs in the parser (we hope of course
there are no such bugs, but you never know).
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
---
tools/perf/builtin-annotate.c | 7 +++++++
tools/perf/builtin-report.c | 7 +++++++
2 files changed, 14 insertions(+)
Index: linux-2.6/tools/perf/builtin-annotate.c
===================================================================
--- linux-2.6.orig/tools/perf/builtin-annotate.c
+++ linux-2.6/tools/perf/builtin-annotate.c
@@ -28,6 +28,7 @@ static char const *input_name = "perf.d
static char default_sort_order[] = "comm,symbol";
static char *sort_order = default_sort_order;
+static int force;
static int input;
static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV;
@@ -976,6 +977,11 @@ static int __cmd_annotate(void)
exit(-1);
}
+ if (!force && (input_stat.st_uid != geteuid())) {
+ fprintf(stderr, "file: %s not owned by current user\n", input_name);
+ exit(-1);
+ }
+
if (!input_stat.st_size) {
fprintf(stderr, "zero-sized file, nothing to do!\n");
exit(0);
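Review bot: The message printed in the !force branch of __cmd_annotate() does not tell the user that -f/--force overrides the check, so someone who deliberately wants to read a file owned by root or a colleague has to go and find the switch in the help output. Suggest extending it, for example "file: %s not owned by current user (use -f to override)\n". Minor: exit(-1) reaches the shell as status 255; it matches the exit(-1) just above, so this is only worth changing if the surrounding code is cleaned up too.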
@@ -1081,6 +1087,7 @@ static const struct option options[] = {
"input file name"),
OPT_STRING('s', "symbol", &sym_hist_filter, "symbol",
"symbol to annotate"),
+ OPT_BOOLEAN('f', "force", &force, "don't complain, do it"),
OPT_BOOLEAN('v', "verbose", &verbose,
"be more verbose (show symbol address, etc)"),
OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace,
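Review bot: The help string on the new OPT_BOOLEAN('f', "force", ...) entry, "don't complain, do it", does not say which check is being skipped. Since this switch turns off a security check, the text should name it, e.g. "don't check perf.data ownership", so that users know what they are opting out of when they pass -f.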
Index: linux-2.6/tools/perf/builtin-report.c
===================================================================
--- linux-2.6.orig/tools/perf/builtin-report.c
+++ linux-2.6/tools/perf/builtin-report.c
@@ -37,6 +37,7 @@ static char *dso_list_str, *comm_list_s
static struct strlist *dso_list, *comm_list, *sym_list;
static char *field_sep;
+static int force;
static int input;
static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV;
@@ -1383,6 +1384,11 @@ static int __cmd_report(void)
exit(-1);
}
+ if (!force && (input_stat.st_uid != geteuid())) {
+ fprintf(stderr, "file: %s not owned by current user\n", input_name);
+ exit(-1);
+ }
+
if (!input_stat.st_size) {
fprintf(stderr, "zero-sized file, nothing to do!\n");
exit(0);
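Review bot: Comparing only input_stat.st_uid with geteuid() in __cmd_report() still accepts a perf.data that the caller owns but that is group- or world-writable, so another user could have rewritten its contents and the parser would read them without complaint. Consider also refusing the file when input_stat.st_mode & (S_IWGRP | S_IWOTH) is set unless -f is given. Separately, this block is a verbatim copy of the one added to builtin-annotate.c; a small shared helper would keep the two checks from drifting apart.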
@@ -1594,6 +1600,7 @@ static const struct option options[] = {
OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace,
"dump raw trace in ASCII"),
OPT_STRING('k', "vmlinux", &vmlinux_name, "file", "vmlinux pathname"),
+ OPT_BOOLEAN('f', "force", &force, "don't complain, do it"),
OPT_BOOLEAN('m', "modules", &modules,
"load module symbols - WARNING: use only with -k and LIVE kernel"),
OPT_BOOLEAN('n', "show-nr-samples", &show_nr_samples,
--