[lttng-ust,v2] Add setuid wrappers for per-UIDbuffers
diff mbox series

Message ID 20190605185621.17226-1-gabriel.pollo-guilbert@efficios.com
State New
Headers show
Series
  • [lttng-ust,v2] Add setuid wrappers for per-UIDbuffers
Related show

Commit Message

Gabriel-Andrew Pollo-Guilbert June 5, 2019, 6:56 p.m. UTC
In case of a per-UID buffer, events following a change of user ID should be
forwarded to buffers of the new UID. In order to do so, we add a wrapper around
setuid(3), setreuid(3) and setresuid(2) that unregister and re-register the
application from the session daemon.

While there exist some other functions such as seteuid(3) or setfsuid(2), we
don't need to add a wrapper for them since they do not edit the real user ID,
the actual ID returned by getuid(3) and used for creating the buffers.

Signed-off-by: Gabriel-Andrew Pollo-Guilbert <gabriel.pollo-guilbert at efficios.com>
Acked-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
 Makefile.am                     |   1 +
 configure.ac                    |   1 +
 doc/man/lttng-ust.3.txt         |  11 ++++
 include/lttng/ust.h             |   1 +
 liblttng-ust-setuid/Makefile.am |  10 +++
 liblttng-ust-setuid/ustsetuid.c | 105 ++++++++++++++++++++++++++++++++
 liblttng-ust/lttng-ust-comm.c   |  29 ++++++++-
 7 files changed, 156 insertions(+), 2 deletions(-)
 create mode 100644 liblttng-ust-setuid/Makefile.am
 create mode 100644 liblttng-ust-setuid/ustsetuid.c

Comments

Philippe Proulx June 9, 2019, 4:08 p.m. UTC | #1
On Wed, Jun 5, 2019 at 2:57 PM Gabriel-Andrew Pollo-Guilbert
<gabriel.pollo-guilbert at efficios.com> wrote:
>
> diff --git a/doc/man/lttng-ust.3.txt b/doc/man/lttng-ust.3.txt
> index 5c9c9f5d..d58b43c7 100644
> --- a/doc/man/lttng-ust.3.txt
> +++ b/doc/man/lttng-ust.3.txt
> @@ -744,6 +744,17 @@ library before you start the application. Typical use cases include
>  daemons closing all file descriptors after man:fork(2), and buggy
>  applications doing ``double-closes''.

A few documentation fixes:

>
> +Using LTTng-UST with applications that change user

... that change the effective user ID

> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +If your application is traced using per-UID buffers and changes user ID using

If LTTng traces your application using per-UID buffers (see the
nloption:--buffers-uid option of man:lttng-enable-channel(1)) and
changes the process's effective user ID with

> +man:setuid(2), the library `liblttng-ust-setuid.so` needs to be preloaded
> +before starting the application with the `LD_PRELOAD` environment variable (see
> +man:ld.so(8)). This way, events generated after the UID change will be forwarded

... event records generated after the user ID change are forwarded ...

> +to the correct buffer.
> +
> +This workaround requires that the tracing session be global (root
> +lttng-sessiond) in order to avoid permission problems between a session

... be global (created by a root session daemon; see man:lttng-sessiond(1))
to avoid permission problems of a session

> +daemon started by another user.

Phil

> --
> 2.21.0
>
> _______________________________________________
> lttng-dev mailing list
> lttng-dev at lists.lttng.org
> https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev

Patch
diff mbox series

diff --git a/Makefile.am b/Makefile.am
index 810761ca..e8812e59 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,6 +5,7 @@  SUBDIRS = . include snprintf libringbuffer liblttng-ust-comm \
 		liblttng-ust-ctl \
 		liblttng-ust-fd \
 		liblttng-ust-fork \
+		liblttng-ust-setuid \
 		liblttng-ust-libc-wrapper \
 		liblttng-ust-cyg-profile \
 		tools
diff --git a/configure.ac b/configure.ac
index 52fc3f68..95780dba 100644
--- a/configure.ac
+++ b/configure.ac
@@ -522,6 +522,7 @@  AC_CONFIG_FILES([
 	liblttng-ust/Makefile
 	liblttng-ust-ctl/Makefile
 	liblttng-ust-fork/Makefile
+	liblttng-ust-setuid/Makefile
 	liblttng-ust-dl/Makefile
 	liblttng-ust-fd/Makefile
 	liblttng-ust-java/Makefile
diff --git a/doc/man/lttng-ust.3.txt b/doc/man/lttng-ust.3.txt
index 5c9c9f5d..d58b43c7 100644
--- a/doc/man/lttng-ust.3.txt
+++ b/doc/man/lttng-ust.3.txt
@@ -744,6 +744,17 @@  library before you start the application. Typical use cases include
 daemons closing all file descriptors after man:fork(2), and buggy
 applications doing ``double-closes''.
 
+Using LTTng-UST with applications that change user
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+If your application is traced using per-UID buffers and changes user ID using
+man:setuid(2), the library `liblttng-ust-setuid.so` needs to be preloaded
+before starting the application with the `LD_PRELOAD` environment variable (see
+man:ld.so(8)). This way, events generated after the UID change will be forwarded
+to the correct buffer.
+
+This workaround requires that the tracing session be global (root
+lttng-sessiond) in order to avoid permission problems between a session
+daemon started by another user.
 
 Context information
 ~~~~~~~~~~~~~~~~~~~
diff --git a/include/lttng/ust.h b/include/lttng/ust.h
index 2779d7a7..5495e564 100644
--- a/include/lttng/ust.h
+++ b/include/lttng/ust.h
@@ -32,6 +32,7 @@  extern "C" {
 extern void ust_before_fork(sigset_t *save_sigset);
 extern void ust_after_fork_parent(sigset_t *restore_sigset);
 extern void ust_after_fork_child(sigset_t *restore_sigset);
+extern void ust_after_setuid(void);
 
 #ifdef __cplusplus 
 }
diff --git a/liblttng-ust-setuid/Makefile.am b/liblttng-ust-setuid/Makefile.am
new file mode 100644
index 00000000..df3cd622
--- /dev/null
+++ b/liblttng-ust-setuid/Makefile.am
@@ -0,0 +1,10 @@ 
+AM_CPPFLAGS = -I$(top_srcdir)/include
+AM_CFLAGS += -fno-strict-aliasing
+
+lib_LTLIBRARIES = liblttng-ust-setuid.la
+liblttng_ust_setuid_la_SOURCES = ustsetuid.c
+liblttng_ust_setuid_la_LIBADD = \
+	$(top_builddir)/liblttng-ust/liblttng-ust.la \
+	$(DL_LIBS)
+
+liblttng_ust_setuid_la_CFLAGS = -DUST_COMPONENT=liblttng-ust-setuid $(AM_CFLAGS)
diff --git a/liblttng-ust-setuid/ustsetuid.c b/liblttng-ust-setuid/ustsetuid.c
new file mode 100644
index 00000000..d221e8fb
--- /dev/null
+++ b/liblttng-ust-setuid/ustsetuid.c
@@ -0,0 +1,105 @@ 
+/*
+ * Copyright (C) 2019 Gabriel-Andrew Pollo-Guilbert
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; version 2.1 of
+ * the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA
+ */
+
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <lttng/ust-dlfcn.h>
+#include <lttng/ust.h>
+
+int setuid(uid_t uid)
+{
+	static int (*plibc_func)(uid_t) = NULL;
+	int retval;
+	uid_t before_uid;
+
+	if (plibc_func == NULL) {
+		plibc_func = dlsym(RTLD_NEXT, __func__);
+		if (plibc_func == NULL) {
+			fprintf(stderr, "libustsetuid: unable to find \"%s\" symbol\n", __func__);
+			errno = ENOSYS;
+			return -1;
+		}
+	}
+
+	before_uid = getuid();
+
+	retval = plibc_func(uid);
+	if (retval < 0)
+		return retval;
+
+	if (before_uid != getuid())
+		ust_after_setuid();
+
+	return retval;
+}
+
+int setreuid(uid_t ruid, uid_t euid)
+{
+	static int (*plibc_func)(uid_t, uid_t) = NULL;
+	int retval;
+	uid_t before_uid;
+
+	if (plibc_func == NULL) {
+		plibc_func = dlsym(RTLD_NEXT, __func__);
+		if (plibc_func == NULL) {
+			fprintf(stderr, "libustsetuid: unable to find \"%s\" symbol\n", __func__);
+			errno = ENOSYS;
+			return -1;
+		}
+	}
+
+	before_uid = getuid();
+
+	retval = plibc_func(ruid, euid);
+	if (retval < 0)
+		return retval;
+
+	if (before_uid != getuid())
+		ust_after_setuid();
+
+	return retval;
+}
+
+int setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+	static int (*plibc_func)(uid_t, uid_t, uid_t) = NULL;
+	int retval;
+	uid_t before_uid;
+
+	if (plibc_func == NULL) {
+		plibc_func = dlsym(RTLD_NEXT, __func__);
+		if (plibc_func == NULL) {
+			fprintf(stderr, "libustsetuid: unable to find \"%s\" symbol\n", __func__);
+			errno = ENOSYS;
+			return -1;
+		}
+	}
+
+	before_uid = getuid();
+
+	retval = plibc_func(ruid, euid, suid);
+	if (retval < 0)
+		return retval;
+
+	if (before_uid != getuid())
+		ust_after_setuid();
+
+	return retval;
+}
diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c
index 61dbb41b..36c876a4 100644
--- a/liblttng-ust/lttng-ust-comm.c
+++ b/liblttng-ust/lttng-ust-comm.c
@@ -225,10 +225,12 @@  void ust_unlock(void)
  *   daemon problems).
  */
 static sem_t constructor_wait;
+
 /*
  * Doing this for both the global and local sessiond.
  */
-static int sem_count = { 2 };
+enum { LTTNG_UST_INIT_SEM_COUNT = 2 };
+static int sem_count = LTTNG_UST_INIT_SEM_COUNT;
 
 /*
  * Counting nesting within lttng-ust. Used to ensure that calling fork()
@@ -1922,7 +1924,7 @@  void lttng_ust_cleanup(int exiting)
 	exit_tracepoint();
 	if (!exiting) {
 		/* Reinitialize values for fork */
-		sem_count = 2;
+		sem_count = LTTNG_UST_INIT_SEM_COUNT;
 		lttng_ust_comm_should_quit = 0;
 		initialized = 0;
 	}
@@ -2072,3 +2074,26 @@  void lttng_ust_sockinfo_session_enabled(void *owner)
 	struct sock_info *sock_info = owner;
 	sock_info->statedump_pending = 1;
 }
+
+/*
+ * Re-register the application when changing user ID. This is especially
+ * important for per-UID buffers. It is not strictly needed for per-PID
+ * buffers, but a slight extra overhead when changing user ID is considered
+ * harmless for a relatively infrequent operation.
+ */
+void ust_after_setuid(void)
+{
+	DBG("Unregistering the process");
+	lttng_ust_fixup_tls();
+	lttng_ust_exit();
+
+	sem_count = LTTNG_UST_INIT_SEM_COUNT;
+	lttng_ust_comm_should_quit = 0;
+	initialized = 0;
+
+	global_apps.wait_shm_mmap = NULL;
+	local_apps.wait_shm_mmap = NULL;
+
+	DBG("Registering the process under new UID=%u", getuid());
+	lttng_ust_init();
+}