Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unprivileged normalize API #518

Closed
r1viollet opened this issue Feb 9, 2024 · 5 comments · Fixed by #520
Closed

Unprivileged normalize API #518

r1viollet opened this issue Feb 9, 2024 · 5 comments · Fixed by #520
Assignees
@d-e-s-o

Comments

@r1viollet
Copy link
Contributor

r1viollet commented Feb 9, 2024
edited
Loading

Description

When using the current normalize API, we require elevated permissions. This is due to the usage of map_files.
Here is for instance the failing syscall from a strace:

4122778 openat(AT_FDCWD, "/proc/4122778/map_files/61bc0125c000-61bc0125e000", O_RDONLY|O_CLOEXEC) = -1 EPERM (Operation not permitted)

We could propose a normalization API that works from source.
The logic would be similar to what we propose here

This uses the mapping information (from proc/<PID>/maps) and the segment information from the file. Finding files associated to mappings can be a challenge. So perhaps it should be the responsibility of the user, to provide the matching elf file.

Motivation

This would allow us to use the API within a process (or a child process) to symbolize itself (or the parent).
Our use case is to annotate crashes or errors with associated symbols. From the associated stack trace, we could normalize and symbolize from source.
@r1viollet
Copy link
Contributor Author

r1viollet commented Feb 9, 2024
edited
Loading

This is somewhat a different use case from the issues I previously submitted. Thanks again for being so fast in considering my issues.

@d-e-s-o
Copy link
Collaborator

d-e-s-o commented Feb 9, 2024

Yeah, I can see it being useful to have a solution for cases where fewer permissions are available. We changed this behavior with 327f288 and effectively requiring root has certainly not been a great characteristic to have ever since.

We could propose a normalization API that works from source.

What are you referring to when you say "from source"?

We still keep what we call the symbolic path around, so we could introduce an option to use that instead of the maps_file. I can't think of a better API design off-hand.

@d-e-s-o d-e-s-o self-assigned this Feb 9, 2024
@d-e-s-o
Copy link
Collaborator

d-e-s-o commented Feb 9, 2024
edited
Loading

@r1viollet I created #520, which I'd think should cater to your use case, if you set the map_files argument to false in the blaze_symbolize_src_process object. Feel free to give it a try and let us know if it works for you.

@d-e-s-o d-e-s-o linked a pull request Feb 15, 2024 that will close this issue
Add support for "permissionless" symbolization #520
Merged
@d-e-s-o
Copy link
Collaborator

d-e-s-o commented Feb 15, 2024

Closed via 8415b4e

@d-e-s-o d-e-s-o closed this as completed Feb 15, 2024
@r1viollet
Copy link
Contributor Author

Sorry for the late feedback. I was out for some days. This worked well for us! Thank you 🙇

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@d-e-s-o d-e-s-o

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for "permissionless" symbolization d-e-s-o/blazesym
2 participants
@d-e-s-o @r1viollet