Consider using `prctl(PR_SET_PTRACER, ...)` to ease e10s debugging on Linux

RESOLVED FIXED in Firefox 54

Status

Core
Security: Process Sandboxing
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: padenot, Assigned: padenot)

Tracking

(Blocks: 1 bug)

Trunk
mozilla54
All
Linux

Firefox Tracking Flags

(firefox54 fixed)

Details

(Whiteboard: sb+)

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

a year ago
See https://www.kernel.org/doc/Documentation/security/Yama.txt.

Maybe it would be worth it to pass `PR_SET_PTRACER_ANY` in debug, or to do something else?

Is there a way to allow `ptrace` to attach to a gecko child process when the parent has been started with gdb?

The current scenario looks like this:
- `MOZ_DEBUG_CHILD_PROCESS=1 ./mach run --debugger=gdb`
- Look for the PID in the output of the parent
- Open another terminal
- `gdb objdir/dist/bin/firefox $PID`
- This does not work because of YAMA

Now, locally, you can do:

> `sudo gdb objdir/dist/bin/firefox $PID`

or
 
> `echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope`

because you're in `sudoers`. On taskcluster one-click-loaner, `/proc/sys` is read only and can't be remounted in rw because of docker. On a machine where you're not root, nothing can be done as far as I know.
(Assignee)

Updated

a year ago
Blocks: 1333813

Updated

a year ago
Whiteboard: sb+

Comment 1

We're already doing this on debug builds when we crash: http://searchfox.org/mozilla-central/rev/7da3c9dcf467964f2fb82f3a4c63972ee79bf696/toolkit/xre/nsSigHandlers.cpp#101

And PR_SET_PTRACER is allowed by the sandbox policy for that reason: http://searchfox.org/mozilla-central/rev/bf98cd4315b5efa1b28831001ad27d54df7bbb68/security/sandbox/linux/SandboxFilter.cpp#149

So this would just need the PR_SET_PTRACER to happen earlier, during startup; for example, here: http://searchfox.org/mozilla-central/rev/7da3c9dcf467964f2fb82f3a4c63972ee79bf696/toolkit/xre/nsEmbedFunctions.cpp#567


There's also a use case of starting the browser normally, attaching a debugger to some process, and then doing the steps-to-reproduce manually.  In that case you'd want the early PR_SET_PTRACER but not the child pausing, but I don't know how common it is to do that without having root access.
(Assignee)

Comment 2

a year ago
Created attachment 8831135 [details] [diff] [review]
Allow attaching to a child process on Linux when MOZ_DEBUG_CHILD_PROCESS is set and YAMA is activated and ptrace_scope is > 0

This works fine, and would allow debugging child processes on one-click-loaner.
How does it look?
Attachment #8831135 - Flags: review?(jld)
(Assignee)

Updated

a year ago
Assignee: nobody → padenot
Status: NEW → ASSIGNED
(Assignee)

Updated

a year ago
Blocks: 1332902
Attachment #8831135 - Flags: review?(jld) → review+
(Assignee)

Comment 3

a year ago
Created attachment 8832025 [details] [diff] [review]
Allow attaching to a child process on Linux when MOZ_DEBUG_CHILD_PROCESS is set and YAMA is activated and ptrace_scope is > 0

We need to define the arguments to `prctl` manually because they are not present in the header available on our builders (Ubuntu 14.04 - linux 3.13).
(Assignee)

Comment 4

a year ago
Comment on attachment 8832025 [details] [diff] [review]
Allow attaching to a child process on Linux when MOZ_DEBUG_CHILD_PROCESS is set and YAMA is activated and ptrace_scope is > 0

Same patch with the #define added, taken from another box that has a more recent kernel.
Attachment #8832025 - Flags: review?(jld)
(Assignee)

Updated

a year ago
Attachment #8831135 - Attachment is obsolete: true

Comment 5

Comment on attachment 8832025 [details] [diff] [review]
Allow attaching to a child process on Linux when MOZ_DEBUG_CHILD_PROCESS is set and YAMA is activated and ptrace_scope is > 0

Review of attachment 8832025 [details] [diff] [review]:
-----------------------------------------------------------------

Sorry about that; I'd confused PR_SET_PTRACER with something else I was looking at that's been in the kernel for longer.

For reference: PR_SET_PTRACER was added in 3.4, according to the man page, and last I heard our builders are CentOS 6, which is on 2.6.32 (with a lot of patches but maybe not the Yama LSM), so that would explain the build failures.  Ubuntu still supports a 3.2-based kernel for 12.04 LTS, but that includes some backported security features including Yama (and seccomp-bpf), and all of the newer releases are ≥ 3.4.
Attachment #8832025 - Flags: review?(jld) → review+
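
An added example, not the attached patch and not Mozilla's code, of the opt-in discussed in this bug: a process declares `PR_SET_PTRACER_ANY` at startup only when the debug environment variable is set, with the fallback `#define`s for builders whose headers predate Linux 3.4. The function and enum names are hypothetical; the check that the call only changes anything at `ptrace_scope` 1 follows the Yama documentation linked in the description and goes beyond what the patch title states.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>

/* Headers older than Linux 3.4 lack these; values are from the kernel's prctl.h. */
#ifndef PR_SET_PTRACER
#define PR_SET_PTRACER 0x59616d61
#endif
#ifndef PR_SET_PTRACER_ANY
#define PR_SET_PTRACER_ANY ((unsigned long)-1)
#endif

enum ptracer_result { PT_SKIPPED, PT_NOT_NEEDED, PT_ALLOWED, PT_INEFFECTIVE, PT_FAILED };

/* Parse the contents of a ptrace_scope file; returns 0..3, or -1 if malformed. */
int parse_ptrace_scope(const char *text) {
    char *end;
    long v = strtol(text, &end, 10);
    if (end == text || (*end != '\0' && *end != '\n') || v < 0 || v > 3) return -1;
    return (int)v;
}

/* Returns the Yama scope, or -1 when the file is missing (no Yama) or unreadable. */
int read_ptrace_scope(const char *path) {
    char buf[16] = {0};
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) buf[0] = '\0';
    fclose(f);
    return parse_ptrace_scope(buf);
}

/* Opt in only when the developer asked for it (env_value set) and it can help. */
enum ptracer_result allow_any_ptracer(const char *env_value, int scope) {
    if (!env_value) return PT_SKIPPED;      /* normal run: keep Yama's restriction */
    if (scope <= 0) return PT_NOT_NEEDED;   /* classic ptrace rules, or no Yama */
    if (scope >= 2) return PT_INEFFECTIVE;  /* admin-only and no-attach ignore it */
    return prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0) == 0 ? PT_ALLOWED
                                                                   : PT_FAILED;
}

int main(void) {
    int scope = read_ptrace_scope("/proc/sys/kernel/yama/ptrace_scope");
    enum ptracer_result r = allow_any_ptracer(getenv("MOZ_DEBUG_CHILD_PROCESS"), scope);
    printf("ptrace_scope=%d result=%d\n", scope, (int)r);
    return r == PT_FAILED;
}
```

Because `PR_SET_PTRACER_ANY` lets any process allowed by the classic ptrace checks attach, the call stays behind the environment-variable gate rather than running on every start.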

Comment 6

a year ago
Pushed by paul@paul.cx:
https://hg.mozilla.org/integration/mozilla-inbound/rev/81fe225a5ffe
Allow attaching to a child process on Linux when MOZ_DEBUG_CHILD_PROCESS is set and YAMA is activated and ptrace_scope is > 0.  r=jld

Comment 7

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/81fe225a5ffe
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
status-firefox54: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54