[PATCH v1] perf report: Fix owner error when reading perf.data

[PATCH v1] perf report: Fix owner error when reading perf.data

[Taeung Song]

If perf.data file is owned by some user,
it can't be read even if current user is root.
A 'st_uid' from fstat() is user ID of the file owner.
Therefore use getuid() instead of st_uid to check if
user of the calling 'perf' process is root or not.

Signed-off-by: Taeung Song <treeze.taeung@gmail.com>
---
 tools/perf/util/data.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/data.c b/tools/perf/util/data.c
index 1921942..91ebe4e 100644
--- a/tools/perf/util/data.c
+++ b/tools/perf/util/data.c
@@ -67,7 +67,7 @@ static int open_file_read(struct perf_data_file *file)
 	if (fstat(fd, &st) < 0)
 		goto out_close;
 
-	if (!file->force && st.st_uid && (st.st_uid != geteuid())) {
+	if (!file->force && getuid() && (st.st_uid != geteuid())) {
 		pr_err("File %s not owned by current user or root (use -f to override)\n",
 		       file->path);
 		goto out_close;
-- 
1.9.1

Re: [PATCH v1] perf report: Fix owner error when reading perf.data

[Ingo Molnar]

* Taeung Song <treeze.taeung@gmail.com> wrote:

> If perf.data file is owned by some user,
> it can't be read even if current user is root.

That's intentional: to keep a malicious local user from passing a perf.data to 
root who does 'perf report' accidentally or in the wrong directory.

root can copy or chown it to himself - or we could add some --really-force flag 
for that.

Thanks,

	Ingo

Re: [PATCH v1] perf report: Fix owner error when reading perf.data

[Taeung Song]

> On Oct 1, 2015, at 6:10 PM, Ingo Molnar <mingo@kernel.org> wrote:
> 
> 
> * Taeung Song <treeze.taeung@gmail.com> wrote:
> 
>> If perf.data file is owned by some user,
>> it can't be read even if current user is root.
> 
> That's intentional: to keep a malicious local user from passing a perf.data to 
> root who does 'perf report' accidentally or in the wrong directory.
> 
> root can copy or chown it to himself - or we could add some --really-force flag 
> for that.

I got it.
I didn’t know its intention.

Thanks,
Taeung

> 
> Thanks,
> 
> 	Ingo

Re: [PATCH v1] perf report: Fix owner error when reading perf.data

[Arnaldo Carvalho de Melo]

Em Thu, Oct 01, 2015 at 09:26:26PM +0900, Taeung Song escreveu:
> > On Oct 1, 2015, at 6:10 PM, Ingo Molnar <mingo@kernel.org> wrote:
> > * Taeung Song <treeze.taeung@gmail.com> wrote:

> >> If perf.data file is owned by some user,
> >> it can't be read even if current user is root.

> > That's intentional: to keep a malicious local user from passing a perf.data to 
> > root who does 'perf report' accidentally or in the wrong directory.

> > root can copy or chown it to himself - or we could add some --really-force flag 
> > for that.

> I got it.
> I didn’t know its intention.

Feel free to transform Ingo's comment in a C source code comment right
besides the code doing that check, this way when someone else thinks
this is wrong, like you did, the comment will clarify things.

- Arnaldo