Bug 152198

Summary: ptrace and /proc permissions broken for nptl threads
Product: [Fedora] Fedora
Reporter: Tom Horsley <horsley1953>
Component: kernel
Assignee: Roland McGrath <roland>
Status: CLOSED UPSTREAM
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 5
CC: bugsy, davej, mingo, wtogami
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2007-11-19 01:10:50 UTC
Attachments:
test program to demo bug (flags: none)

Description Tom Horsley 2005-03-26 00:57:54 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
As I understand it one of the goals of NPTL was to make a "process" really
be a process even if it had multiple threads, getpid() is the same in all
threads, and all other permissions and wot-not should be the same in all threads.
However, debuggers are apparently denied these benefits of NPTL :-).

Only the specific thread that gained control of a process for ptrace()
is allowed to do other ptrace() requests, also, only that thread
is allowed to read from the /proc "mem" file.

I will attach the pidbug.c program to demonstrate the bug.

Somewhere in the twisty maze of permission checking some debugging
related checks should be checking the thread group, not the specific
thread ID.


Version-Release number of selected component (if applicable):
kernel-2.6.10-1.770_FC3

How reproducible:
Always

Steps to Reproduce:
1. gcc -o pidbug pidbug.c -lpthread && ./pidbug
  

Actual Results:
INFO: main thread ptrace(PTRACE_PEEKDATA) PASSED.
ERR: other thread ptrace(PTRACE_PEEKDATA) call failed: No such process (errno = 3)
INFO: main thread /proc read PASSED.
ERR: other thread read() call failed: No such process (errno = 3)


Expected Results:
INFO: main thread ptrace(PTRACE_PEEKDATA) PASSED.
INFO: other thread ptrace(PTRACE_PEEKDATA) PASSED.
INFO: main thread /proc read PASSED.
INFO: other thread /proc read PASSED.


Additional info:

Comment 1 Tom Horsley 2005-03-26 00:59:58 UTC
Created attachment 112354 [details]
test program to demo bug

Comment 2 Dave Jones 2005-07-15 17:44:47 UTC
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.

Comment 3 Tom Horsley 2005-07-17 00:30:48 UTC
Just tried this on my FC4 system with latest kernel (2.6.12-1.1390_FC4)
and the test program still exhibits the bug.


Comment 4 Tom Horsley 2005-07-17 00:51:21 UTC
I foolishly ran the tests without doing up2date first, but the even
newer kernel 2.6.12-1.1398_FC4 also still fails.

Comment 5 Dave Jones 2005-09-30 06:13:50 UTC
Mass update to all FC4 bugs:

An update has been released (2.6.13-1.1526_FC4) which rebases to a new upstream
kernel (2.6.13.2). As there were ~3500 changes upstream between this and the
previous kernel, it's possible your bug has been fixed already.

Please retest with this update, and update this bug if necessary.

Thanks.


Comment 6 Tom Horsley 2005-09-30 14:29:16 UTC
Still fails in kernel 2.6.13-1.1526_FC4.

Comment 7 Dave Jones 2005-11-10 19:11:36 UTC
2.6.14-1.1637_FC4 has been released as an update for FC4.
Please retest with this update, as a large amount of code has been changed in
this release, which may have fixed your problem.

Thank you.


Comment 8 Tom Horsley 2005-11-11 12:48:45 UTC
Tried test prog on 1637 kernel - same bug still exists.


Comment 9 Dave Jones 2006-02-03 05:15:30 UTC
This is a mass-update to all currently open kernel bugs.

A new kernel update has been released (Version: 2.6.15-1.1830_FC4)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO_REPORTER state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

Thank you.


Comment 10 Tom Horsley 2006-02-03 13:19:39 UTC
Nope, as I expected, the bug still exists in kernel 2.6.15-1.1830_FC4.

Comment 11 Dave Jones 2006-09-17 01:44:58 UTC
[This comment added as part of a mass-update to all open FC4 kernel bugs]

FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel.  As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
to FC5.

Please retest with Fedora Core 5.

Thank you.

Comment 12 Tom Horsley 2006-09-17 19:30:45 UTC
Just tested on FC5 with kernel 2.6.17-1.2187_FC5smp and the pidbug
demo program still fails the same way.

Comment 13 Dave Jones 2006-10-16 17:39:15 UTC
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.

Comment 14 Tom Horsley 2006-10-17 15:18:02 UTC
With kernel 2.6.18-1.2200.fc5smp, i686, this bug still exists.

Comment 15 Roland McGrath 2007-11-19 01:10:50 UTC
This is the upstream behavior.  For ptrace, it's not just a permission issue,
but an implementation requirement for serialization purposes.
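
The ptrace half of the behaviour discussed in this report, as an added example: it is not the pidbug.c attachment and not code from the reporter or the kernel. The names `probe_word`, `peek` and `ptrace_thread_check` are hypothetical; build with `cc -pthread`. It attaches to a forked child from one thread, then issues the same PTRACE_PEEKDATA from the attaching thread and from a sibling thread of the same process.

```c
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

static long probe_word = 0x1234;   /* constructed data; the forked tracee gets a copy */
struct probe { pid_t pid; int err; };

/* Issue one PTRACE_PEEKDATA; record 0 on success or the errno on failure. */
static void *peek(void *arg) {
    struct probe *p = arg;
    errno = 0;
    long v = ptrace(PTRACE_PEEKDATA, p->pid, &probe_word, NULL);
    p->err = (v == -1 && errno != 0) ? errno : 0;
    return NULL;
}

/* Hypothetical helper: returns 0 when attach worked and both probes ran, else -1. */
int ptrace_thread_check(int *tracer_err, int *sibling_err) {
    int status;
    pthread_t t;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) for (;;) pause();            /* tracee: idle until killed */
    int ok = ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0 &&
             waitpid(pid, &status, 0) == pid && WIFSTOPPED(status);
    struct probe a = { pid, 0 }, b = { pid, 0 };
    if (ok) {
        peek(&a);                              /* the thread that attached */
        ok = pthread_create(&t, NULL, peek, &b) == 0;  /* a sibling thread */
        if (ok) pthread_join(t, NULL);
    }
    kill(pid, SIGKILL);                        /* clean up the tracee either way */
    waitpid(pid, NULL, 0);
    *tracer_err = a.err;
    *sibling_err = b.err;
    return ok ? 0 : -1;
}

int main(void) {
    int te = 0, se = 0;
    if (ptrace_thread_check(&te, &se) != 0) { puts("setup failed"); return 1; }
    printf("tracer thread:  %s\n", te ? strerror(te) : "PASSED");
    printf("sibling thread: %s\n", se ? strerror(se) : "PASSED");
    return 0;
}
```

Debuggers and tracing tools built on ptrace therefore route every request for a tracee through the one thread that attached to it.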