Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#80 SUID for oprof_start needed

closed-invalid
nobody
None
5
2002-10-01
2002-10-01
Gabriel Zachmann
No

I use oprofile version 0.3.

If I set uid root for op_start and op_stop only,
then oprof_start complains that it failed to run op_start,
and that one must be root.
In addition, oprof_start does not seem to recognize if the
profiler is already running.
If I set uid root for oprof_start, too, then everything seems
to work fine.
The problem with setting uid root for oprof_start is that I
then have to 'xhost +'.
And it does not seem logical to me, that one shuold
really need the SUID bit for oprof_start.

Cheers,
Gab.

Discussion

  • John Levon
    John Levon
    2002-10-01

    Logged In: YES
    user_id=53034

    1) setting suid on op_start/stop makes no difference because
    they
    are shell scripts

    2) therefore, you need the suid bit on oprof_start, which is
    not a shell script

    Therefore, not a bug. (I hope this isn't a multi user machine !)

     
  • John Levon
    John Levon
    2002-10-01

    • status: open --> closed-invalid
     
  • Logged In: YES
    user_id=349593

    Hm, actually, it seems that one cannot start the profiler
    without being root at all -- at least currently.
    Setting the set uid bit with oprof_start does not help either,
    in particular, if the module has not been loaded before.
    But if you want to profile user apps (not the kernel) it seems
    to me it really should be possible to start the profiler as
    ordinary user (possibly via some set uid wrapper program).

    To "movement": what do you mean by "multi-user"
    machine? every linux machine is potentially a multi-user
    machine, isn't it? (especially within LANs) And why do you
    hope it's not?

     
  • Logged In: YES
    user_id=349593

    Hm, actually, it seems that one cannot start the profiler
    without being root at all -- at least currently.
    Setting the set uid bit with oprof_start does not help either,
    in particular, if the module has not been loaded before.
    But if you want to profile user apps (not the kernel) it seems
    to me it really should be possible to start the profiler as
    ordinary user (possibly via some set uid wrapper program).

    To "movement": what do you mean by "multi-user"
    machine? every linux machine is potentially a multi-user
    machine, isn't it? (especially within LANs) And why do you
    hope it's not?

     
    • status: closed-invalid --> open-invalid
     
  • John Levon
    John Levon
    2002-10-01

    Logged In: YES
    user_id=53034

    You certainly can start the profiler with a suid
    oprof_start. I have
    just confirmed that it works, even if the module is not
    loaded. It sounds
    like you've misconfigured somehow.

    Enabling normal users to start the profiler is a security
    risk and requires
    careful thought of trust & DOS problems. It is on the
    long-term TODO
    to mediate permissions for the profiler, but there are no
    immediate plans.

    If you interested in helping out with this, please e-mail
    the mailing
    list.

    regards,
    john

     
  • John Levon
    John Levon
    2002-10-01

    • status: open-invalid --> closed-invalid
     
  • Logged In: YES
    user_id=349593

    Well, it doesn't work here. I get the err mesg "must be root
    to start oprofile", even when the module us already loaded:
    % lsmod
    Module Size Used by Tainted: P
    oprofile 26824 -1
    es1371 31040 0 (autoclean)
    gameport 1980 0 (autoclean) [es1371]
    ac97_codec 9536 0 (autoclean) [es1371]
    [...]
    % ll /usr/local/bin/op_*
    -rwxr-xr-x 1 root root 295 Sep 27 14:52
    /usr/local/bin/op_dump*
    -rwxr-xr-x 1 root root 56146 Sep 27 14:52
    /usr/local/bin/op_help*
    -rwxr-xr-x 1 root root 801680 Sep 27 14:52
    /usr/local/bin/op_merge*
    -rwxr-xr-x 1 root root 58696 Sep 27 14:52
    /usr/local/bin/op_session*
    -rwsr-xr-x 1 root root 12564 Sep 27 14:52
    /usr/local/bin/op_start*
    -rwsr-xr-x 1 root root 1405 Sep 27 14:52
    /usr/local/bin/op_stop*
    -rwxr-xr-x 1 root root 2592041 Sep 27 14:52
    /usr/local/bin/op_time*
    -rwxr-xr-x 1 root root 2014088 Sep 27 14:52
    /usr/local/bin/op_to_source*
    % ll /usr/local/bin/oprof*
    -rwsr-xr-x 1 root root 201548 Sep 27 14:52
    /usr/local/bin/oprofiled*
    -rwxr-xr-x 1 root root 1952911 Sep 27 14:52
    /usr/local/bin/oprofpp*
    -rwsr-xr-x 1 root root 1704477 Sep 27 14:52
    /usr/local/bin/oprof_start*

    Am I missing something?
    I am working under RedHat 7.2 with SMP kernel
    2.4.9-34smp.