#193 oprofile leaves a world-writable /var/lib/oprofile/jitdump/

Shlomi Fish

On Mandriva Cooker with oprofile-0.9.6-1mdv2010.1 after doing opcontrol --vmlinux=/boot/vmlinux-2.6.36-desktop-0.rc6.2.1mnb and opcontrol --start I'm getting this:

[root@telaviv1 ~]# ls -ld /var/lib/oprofile/jitdump
drwxrwxrwx 2 root root 6 2010-10-06 09:34 /var/lib/oprofile/jitdump/

It stays this way after I run oprofile --stop and reboot the machine. This is a world-writable directory to which every user can write into until the partition is filled, and that msec (the Mandriva security monitor) reports and complains about.

Please fix it.


-- Shlomi Fish


  • Maynard Johnson

    Maynard Johnson - 2011-04-20
    • assigned_to: nobody --> hanseld
  • Maynard Johnson

    Maynard Johnson - 2011-04-20

    Daniel, please take a look at this bug.

  • William Cohen

    William Cohen - 2011-05-20

    This directory is being used to store the jvmti/jvmpi opagents so there is information to map samples back to the java method. The java program are running as normal users, so the opagent code that are recording data into /var/lib/oprofile/jitdump is also being run as normal users.

    When reviewing the opagent code I found that the jitdump directory location is statically compiled into the code due to

    libopagent/opagent.c:#define AGENT_DIR OP_SESSION_DIR_DEFAULT "jitdump"


    libop/op_config.h:#define OP_SESSION_DIR_DEFAULT "/var/lib/oprofile/"

    If someone starts uses "opcontrol --session-dir=..." then java opagent is going to put things in the wrong place.

    Would it make sense for the oprofile to do something like this:

    -opagent attempts to write to a pipe that oprofiled has open (maybe in /tmp)
    -oprofiled creates the file in SESSION_DIR/jitdump with permissions
    oprofiled makes link /tmp/filename to SESSION_DIR/jitdump/file
    -opcontrol can remove group and world write to SESSION_DIR/jitdump

  • hanseld

    hanseld - 2011-06-06

    Hi Shlomi Fish,

    we've discussed that problem.
    We want to change the location for JIT dump files from /var/lib/oprofile/jitdump to /tmp/jitdump.
    Additionally we have to document this new location due to the fact that /tmp could be cleaned up sometimes.

    The new location is necessary due to the fact that oprofile JIT dump files could be created by any user.

    Can you tell me if the new location is ok for your Mandriva security monitor?

    Kind regards.

  • Maynard Johnson

    Maynard Johnson - 2012-07-03

    Since I'm going to be putting out a new release in the not too distant future, I'd like to close out as many bugs as possible. Can you please take a look at this one. It seems that this directory could be made writable by root and readable by all. But if we make such a change, that's going to break operf, as it currently will generate jit dump files into /var/lib/oprofile/jitdump even when it's run by a normal user. So if you change the permissions on this dir, it will have a ripple effect.

  • hanseld

    hanseld - 2013-01-24

    This problem is fixed together with another related bug.

    Please refer too the Oprofile mailing list to get the whole discussion and the final fix.

  • hanseld

    hanseld - 2013-01-24
    • status: open --> open-fixed
  • Maynard Johnson

    Maynard Johnson - 2013-07-29
    • status: open-fixed --> closed-fixed
    • Group: -->

Log in to post a comment.