This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
"module privilege check" breaks (cross-)compilation due to libelf dependency
- From: "Turgis, Frederic" <f-turgis at ti dot com>
- To: SystemTap <systemtap at sourceware dot org>
- Date: Mon, 5 Dec 2011 13:36:01 +0000
- Subject: "module privilege check" breaks (cross-)compilation due to libelf dependency
Hi,
Commit "bb4470cacb3f7ce5161f9e8a1b7c37a87516a6c3 PR 13128: Implement module privilege check in staprun." has broken my cross-compilation environment for building the "staprun" tool for ARM Android (I do the first 4 steps on the host and the staprun step on the target); see the end of this mail.
Having a deeper look, there is in fact code in staprun_funcs.c that requires libelf, like find_section_in_module() and get_module_required_credentials() (Elf_Scn for example), and that is not surrounded by HAVE_LIBELF_H or HAVE_ELF_GETSHDRSTRNDX.
I never had libelf in my ARM filesystem. I am using --with-elfutils, but configure.ac in runtime/staprun states that "We link only against the system elfutils. Connecting to a bundled elfutils build (stap/configure --with-elfutils=PATH) is too tricky to bother with".
I have then removed some code in a very hackish way to make it work (see below; basically the analysis of section STAP_PRIVILEGE_SECTION of the module), but I am not sure if this is aligned with the goal of the author.
The script executes fine on the target, but I am "root", so this can hide some other issue.
BUILD FAILURE:
CC staprun-staprun_funcs.o
staprun_funcs.c:237: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
staprun_funcs.c: In function 'get_module_required_credentials':
staprun_funcs.c:587: error: 'Elf_Scn' undeclared (first use in this function)
staprun_funcs.c:587: error: (Each undeclared identifier is reported only once
staprun_funcs.c:587: error: for each function it appears in.)
staprun_funcs.c:587: error: 'scn' undeclared (first use in this function)
staprun_funcs.c:588: error: 'Elf_Data' undeclared (first use in this function)
staprun_funcs.c:588: error: 'data' undeclared (first use in this function)
staprun_funcs.c:589: error: 'GElf_Shdr' undeclared (first use in this function)
staprun_funcs.c:589: error: expected ';' before 'shdr'
Hackish patch:
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 163a0ce..17265f3 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -233,14 +233,14 @@ find_section_in_module(const void* module_file, const __off_t st_size, const cha
}
return scn;
}
-#else /* no elf */
-static Elf_Scn *
-find_section_in_module(const void* v __attribute__((unused)),
- const __off_t o __attribute__((unused)),
- const char *c __attribute__((unused)))
-{
- return NULL;
-}
+//#else /* no elf */
+//static Elf_Scn *
+//find_section_in_module(const void* v __attribute__((unused)),
+// const __off_t o __attribute__((unused)),
+// const char *c __attribute__((unused)))
+//{
+// return NULL;
+//}
#endif
int
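Review bot: the `#else /* no elf */` stub of find_section_in_module() is commented out with `//` instead of being fixed or deleted. The stub's return type is `Elf_Scn *`, a libelf type, so the no-libelf branch cannot compile as written, which is consistent with the error reported at staprun_funcs.c:237. Either delete the stub or give it a return type that does not depend on libelf, rather than leaving dead commented code in the file.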
@@ -582,6 +582,7 @@ check_uprobes_module_path (
* Returns the required credentials if they can be determined or the default safe required
* credentials otherwise.
*/
+#if 0
static privilege_t get_module_required_credentials (const void* module_file, const __off_t st_size)
{
Elf_Scn *scn = 0;
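Review bot: `#if 0` in front of get_module_required_credentials() removes the function from every build, including builds that do have libelf. Guard it with `#ifdef HAVE_LIBELF_H`, matching the guard added in check_groups(), and give the no-libelf case a fallback that returns the default safe required credentials, as the comment above the function already describes.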
@@ -645,7 +646,7 @@ static privilege_t get_module_required_credentials (const void* module_file, con
/* ALl is ok. Return the extrated privilege data. */
return privilege;
}
-
+#endif
/*
* Check the user's group membership.
*
@@ -668,8 +669,9 @@ check_groups (
off_t module_size
)
{
- privilege_t user_credentials, module_required_credentials;
-
+ privilege_t user_credentials;//, module_required_credentials;
+module_data = NULL;
+module_size = 0;
/* Lookup the user's privilege credentials. */
user_credentials = get_privilege_credentials ();
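Review bot: in check_groups() the declaration of `module_required_credentials` is commented out and `module_data` / `module_size` are overwritten with NULL and 0. A build with HAVE_LIBELF_H defined still reaches `module_required_credentials = get_module_required_credentials (module_data, module_size);` further down, so it would use an undeclared variable and, once that was fixed, pass an empty module to the check. Keep the declaration under the same `#ifdef`, and silence unused-parameter warnings in the no-libelf case with `(void) module_data;` instead of assigning to the parameters. The two added assignment lines are also not indented.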
@@ -684,6 +686,7 @@ check_groups (
if (pr_contains (user_credentials, pr_stapsys))
return 1;
+#ifdef HAVE_LIBELF_H
/* For stapusr users, we must verify that the module was compiled for that privilege level. */
module_required_credentials = get_module_required_credentials (module_data, module_size);
if (pr_contains (user_credentials, pr_stapusr)) {
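Review bot: the `#ifdef HAVE_LIBELF_H` placed right after the `pr_stapsys` return compiles out the whole stapusr module verification when libelf is absent, and there is no `#else`. Make the no-libelf policy explicit: an `#else` branch that rejects stapusr-only users when the module's required privilege cannot be read keeps the check failing closed instead of silently skipping it.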
@@ -700,8 +703,8 @@ check_groups (
if (user_credentials == pr_none)
return -2;
-
return 0;
+#endif
}
/* Not fatal. The module could still be on a blessed path. */
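Review bot: the `#endif` sits after `return 0;`, so without HAVE_LIBELF_H both the `pr_none` test and the final `return 0;` are compiled out, and check_groups() reaches its closing brace without returning a value for any user who is not in stapsys. Move the `#endif` above `if (user_credentials == pr_none)` so that the function always returns explicitly.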
Regards
Fred
Frederic Turgis
OMAP Platform Business Unit - OMAP System Engineering - Platform Enablement - System Multimedia
Texas Instruments France SA, 821 Avenue Jack Kilby, 06270 Villeneuve Loubet. 036 420 040 R.C.S Antibes. Capital de EUR 753.920
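As an added illustration (not SystemTap code and not part of the original mail): locating a named section in a module image needs only the `<elf.h>` structure definitions, not libelf, provided every offset is bounds-checked and a malformed image yields NULL. The functions `find_section()` and `build_sample()` and the section name `.example_priv` are hypothetical; the sketch handles ELF32 only, on the assumption of a 32-bit target, and the sample image is constructed.

```c
#include <elf.h>
#include <stdlib.h>
#include <string.h>

/* Find section `name` in an in-memory ELF32 image with <elf.h> only (no libelf).
 * NULL if malformed or absent. Assumes a 4-byte-aligned image in host byte order. */
static const Elf32_Shdr *find_section(const void *image, size_t size, const char *name)
{
    const unsigned char *base = image;
    const Elf32_Ehdr *eh = image;
    /* Header, section header table and string table index must lie inside the image. */
    if (size < sizeof *eh || memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 ||
        eh->e_ident[EI_CLASS] != ELFCLASS32 || eh->e_shentsize != sizeof(Elf32_Shdr) ||
        eh->e_shoff > size || eh->e_shoff % 4 != 0 || eh->e_shstrndx >= eh->e_shnum ||
        eh->e_shnum > (size - eh->e_shoff) / sizeof(Elf32_Shdr))
        return NULL;
    const Elf32_Shdr *sh = (const Elf32_Shdr *)(base + eh->e_shoff);
    const Elf32_Shdr *str = &sh[eh->e_shstrndx];
    if (str->sh_offset > size || str->sh_size > size - str->sh_offset)
        return NULL;
    size_t len = strlen(name) + 1;  /* compare including the terminating NUL */
    for (unsigned i = 0; i < eh->e_shnum; i++) {
        if (sh[i].sh_name > str->sh_size || len > str->sh_size - sh[i].sh_name ||
            memcmp(base + str->sh_offset + sh[i].sh_name, name, len) != 0)
            continue;
        /* Fail closed if the section's data would run past the end of the image. */
        if (sh[i].sh_offset > size || sh[i].sh_size > size - sh[i].sh_offset)
            return NULL;
        return &sh[i];
    }
    return NULL;
}

/* Constructed sample image: null section, .shstrtab, and a 1-byte .example_priv. */
static unsigned char *build_sample(size_t *size)
{
    static const char names[] = "\0.shstrtab\0.example_priv";  /* offsets 0, 1, 11 */
    unsigned char *p = calloc(1, 256);
    if (!p) return NULL;
    Elf32_Ehdr *eh = (Elf32_Ehdr *)p;
    Elf32_Shdr *sh = (Elf32_Shdr *)(p + 96);
    memcpy(eh->e_ident, ELFMAG, SELFMAG); eh->e_ident[EI_CLASS] = ELFCLASS32;
    eh->e_shentsize = sizeof *sh; eh->e_shnum = 3; eh->e_shstrndx = 1; eh->e_shoff = 96;
    memcpy(p + sizeof *eh, names, sizeof names);  /* string table at offset 52 */
    sh[1].sh_name = 1;  sh[1].sh_offset = sizeof *eh; sh[1].sh_size = sizeof names;
    sh[2].sh_name = 11; sh[2].sh_offset = 92;         sh[2].sh_size = 1;
    *size = 96 + 3 * sizeof *sh;
    return p;
}
```

A caller that gets NULL back should treat the module's required privilege as unknown and apply its most restrictive default.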