[PATCH] perf tools: Check '/tmp/perf-' symbol file ownership

Commit-ID: 981c1252691f4b855f2bb47ea93fb6052ea3aee2
Gitweb: http://git.kernel.org/tip/981c12526...052ea3aee2
Author: Pekka Enberg
AuthorDate: Tue, 9 Aug 2011 22:54:18 +0300
Committer: Arnaldo Carvalho de Melo
CommitDate: Tue, 9 Aug 2011 15:23:08 -0300

perf symbols: Check '/tmp/perf-' symbol file ownership

The external symbol files are generated by JIT compilers, for example, but we
need to make sure they're ours before injecting them to 'perf report'.

Requested-by: Ingo Molnar
Cc: Frederic Weisbecker
Cc: Peter Zijlstra
Link: http://lkml.kernel.org/r/
Signed-off-by: Pekka Enberg
Signed-off-by: Arnaldo Carvalho de Melo

tools/perf/util/symbol.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
index eec1963..a8b5371 100644
a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -1504,6 +1504,17 @@ int dso__load(struct dso *dso, struct map *map, symbol_filter_t filter)
dso->adjust_symbols = 0;

if (strncmp(dso->name, "/tmp/perf-", 10) == 0) {
+ struct stat st;
+
+ if (stat(dso->name, &st) < 0)
+ return -1;
+
+ if (st.st_uid && (st.st_uid != geteuid())) {
+ pr_warning("File %s not owned by current user or root, "
+ "ignoring it.", dso->name);
+ return -1;
+ }
+
ret = dso__load_perf_map(dso, map, filter);
dso->symtab_type = ret > 0 ? SYMTAB__JAVA_JIT :
SYMTAB__NOT_FOUND;
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

On 08/10/2011 03:48 AM, tip-bot for Pekka Enberg wrote:

Commit-ID: 981c1252691f4b855f2bb47ea93fb6052ea3aee2
Gitweb: http://git.kernel.org/tip/981c12526...052ea3aee2
Author: Pekka Enberg
AuthorDate: Tue, 9 Aug 2011 22:54:18 +0300
Committer: Arnaldo Carvalho de Melo
CommitDate: Tue, 9 Aug 2011 15:23:08 -0300

perf symbols: Check '/tmp/perf-' symbol file ownership

The external symbol files are generated by JIT compilers, for example, but we
need to make sure they're ours before injecting them to 'perf report'.

Requested-by: Ingo Molnar
Cc: Frederic Weisbecker
Cc: Peter Zijlstra
Link: http://lkml.kernel.org/r/
Signed-off-by: Pekka Enberg
Signed-off-by: Arnaldo Carvalho de Melo

tools/perf/util/symbol.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
index eec1963..a8b5371 100644
a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -1504,6 +1504,17 @@ int dso__load(struct dso *dso, struct map *map, symbol_filter_t filter)
dso->adjust_symbols = 0;

if (strncmp(dso->name, "/tmp/perf-", 10) == 0) {
+ struct stat st;
+
+ if (stat(dso->name, &st) < 0)
+ return -1;
+
+ if (st.st_uid && (st.st_uid != geteuid())) {
+ pr_warning("File %s not owned by current user or root, "
+ "ignoring it.", dso->name);
+ return -1;
+ }

Is the force option relevant here -- similar to perf_session__open()?

David

+
ret = dso__load_perf_map(dso, map, filter);
dso->symtab_type = ret > 0 ? SYMTAB__JAVA_JIT :
SYMTAB__NOT_FOUND;
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

On Thu, Aug 11, 2011 at 7:51 AM, David Ahern wrote:

On 08/10/2011 03:48 AM, tip-bot for Pekka Enberg wrote:

Commit-ID:  981c1252691f4b855f2bb47ea93fb6052ea3aee2
Gitweb:     http://git.kernel.org/tip/981c12526...052ea3aee2
Author:     Pekka Enberg
AuthorDate: Tue, 9 Aug 2011 22:54:18 +0300
Committer:  Arnaldo Carvalho de Melo
CommitDate: Tue, 9 Aug 2011 15:23:08 -0300

perf symbols: Check '/tmp/perf-' symbol file ownership

The external symbol files are generated by JIT compilers, for example, but we
need to make sure they're ours before injecting them to 'perf report'.

Requested-by: Ingo Molnar
Cc: Frederic Weisbecker
Cc: Peter Zijlstra
Link: http://lkml.kernel.org/r/
Signed-off-by: Pekka Enberg
Signed-off-by: Arnaldo Carvalho de Melo

 tools/perf/util/symbol.c |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
index eec1963..a8b5371 100644
a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -1504,6 +1504,17 @@ int dso__load(struct dso *dso, struct map *map, symbol_filter_t filter)
      dso->adjust_symbols = 0;

      if (strncmp(dso->name, "/tmp/perf-", 10) == 0) {
+             struct stat st;
+
+             if (stat(dso->name, &st) < 0)
+                     return -1;
+
+             if (st.st_uid && (st.st_uid != geteuid())) {
+                     pr_warning("File %s not owned by current user or root, "
+                             "ignoring it.", dso->name);
+                     return -1;
+             }

Is the force option relevant here -- similar to perf_session__open()?

I don't know, I guess not. Ingo, Arnaldo?
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/