perf tools: Check perf.data owner · tjh.dev/kernel@fa6963b

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

perf tools: Check perf.data owner

Add an owner check to opening perf.data files and a switch to
silence it.

Because perf-report/perf-annotate are binary parsers reading
another users' perf.data file could be a security risk if the
file were explicitly engineered to trigger bugs in the parser
(we hope of course there are non such bugs, but you never
know).

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
LKML-Reference: <20090819092023.896648538@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

authored by

Peter Zijlstra and committed by

Ingo Molnar 16 years ago fa6963b2 b395cd8a

+14

2 changed files

expand all

tools

perf

builtin-annotate.c

builtin-report.c

tools/perf/builtin-annotate.c

··· 31 31 static char default_sort_order[] = "comm,symbol"; 32 32 static char *sort_order = default_sort_order; 33 33 34 + static int force; 34 35 static int input; 35 36 static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV; 36 37 ··· 1335 1334 exit(-1); 1336 1335 } 1337 1336 1337 + if (!force && (stat.st_uid != geteuid())) { 1338 + fprintf(stderr, "file: %s not owned by current user\n", input_name); 1339 + exit(-1); 1340 + } 1341 + 1338 1342 if (!stat.st_size) { 1339 1343 fprintf(stderr, "zero-sized file, nothing to do!\n"); 1340 1344 exit(0); ··· 1445 1439 "input file name"), 1446 1440 OPT_STRING('s', "symbol", &sym_hist_filter, "symbol", 1447 1441 "symbol to annotate"), 1442 + OPT_BOOLEAN('f', "force", &force, "don't complain, do it"), 1448 1443 OPT_BOOLEAN('v', "verbose", &verbose, 1449 1444 "be more verbose (show symbol address, etc)"), 1450 1445 OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace,

tools/perf/builtin-report.c

··· 38 38 static struct strlist *dso_list, *comm_list, *sym_list; 39 39 static char *field_sep; 40 40 41 + static int force; 41 42 static int input; 42 43 static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV; 43 44 ··· 1857 1856 exit(-1); 1858 1857 } 1859 1858 1859 + if (!force && (stat.st_uid != geteuid())) { 1860 + fprintf(stderr, "file: %s not owned by current user\n", input_name); 1861 + exit(-1); 1862 + } 1863 + 1860 1864 if (!stat.st_size) { 1861 1865 fprintf(stderr, "zero-sized file, nothing to do!\n"); 1862 1866 exit(0); ··· 2070 2064 OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace, 2071 2065 "dump raw trace in ASCII"), 2072 2066 OPT_STRING('k', "vmlinux", &vmlinux, "file", "vmlinux pathname"), 2067 + OPT_BOOLEAN('f', "force", &force, "don't complain, do it"), 2073 2068 OPT_BOOLEAN('m', "modules", &modules, 2074 2069 "load module symbols - WARNING: use only with -k and LIVE kernel"), 2075 2070 OPT_BOOLEAN('n', "show-nr-samples", &show_nr_samples,