diff options
author | Peter Zijlstra <a.p.zijlstra@chello.nl> | 2009-08-19 05:18:26 -0400 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-08-19 09:25:51 -0400 |
commit | fa6963b2481beff8b11f76006fbb63fdbbf2d2d7 (patch) | |
tree | 001ec6fcaf0524ba07d950c1d983722513fff73a /tools | |
parent | b395cd8a74b4a8d943dd4b5585e676f62f7350b3 (diff) |
perf tools: Check perf.data owner
Add an owner check to opening perf.data files and a switch to
silence it.
Because perf-report/perf-annotate are binary parsers reading
another users' perf.data file could be a security risk if the
file were explicitly engineered to trigger bugs in the parser
(we hope of course there are non such bugs, but you never
know).
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
LKML-Reference: <20090819092023.896648538@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/perf/builtin-annotate.c | 7 | ||||
-rw-r--r-- | tools/perf/builtin-report.c | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/tools/perf/builtin-annotate.c b/tools/perf/builtin-annotate.c index 343e7b14bf01..5e17de984dc8 100644 --- a/tools/perf/builtin-annotate.c +++ b/tools/perf/builtin-annotate.c | |||
@@ -31,6 +31,7 @@ static char *vmlinux = "vmlinux"; | |||
31 | static char default_sort_order[] = "comm,symbol"; | 31 | static char default_sort_order[] = "comm,symbol"; |
32 | static char *sort_order = default_sort_order; | 32 | static char *sort_order = default_sort_order; |
33 | 33 | ||
34 | static int force; | ||
34 | static int input; | 35 | static int input; |
35 | static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV; | 36 | static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV; |
36 | 37 | ||
@@ -1334,6 +1335,11 @@ static int __cmd_annotate(void) | |||
1334 | exit(-1); | 1335 | exit(-1); |
1335 | } | 1336 | } |
1336 | 1337 | ||
1338 | if (!force && (stat.st_uid != geteuid())) { | ||
1339 | fprintf(stderr, "file: %s not owned by current user\n", input_name); | ||
1340 | exit(-1); | ||
1341 | } | ||
1342 | |||
1337 | if (!stat.st_size) { | 1343 | if (!stat.st_size) { |
1338 | fprintf(stderr, "zero-sized file, nothing to do!\n"); | 1344 | fprintf(stderr, "zero-sized file, nothing to do!\n"); |
1339 | exit(0); | 1345 | exit(0); |
@@ -1439,6 +1445,7 @@ static const struct option options[] = { | |||
1439 | "input file name"), | 1445 | "input file name"), |
1440 | OPT_STRING('s', "symbol", &sym_hist_filter, "symbol", | 1446 | OPT_STRING('s', "symbol", &sym_hist_filter, "symbol", |
1441 | "symbol to annotate"), | 1447 | "symbol to annotate"), |
1448 | OPT_BOOLEAN('f', "force", &force, "don't complain, do it"), | ||
1442 | OPT_BOOLEAN('v', "verbose", &verbose, | 1449 | OPT_BOOLEAN('v', "verbose", &verbose, |
1443 | "be more verbose (show symbol address, etc)"), | 1450 | "be more verbose (show symbol address, etc)"), |
1444 | OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace, | 1451 | OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace, |
diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c index b53a60fc12de..8b2ec882e6e0 100644 --- a/tools/perf/builtin-report.c +++ b/tools/perf/builtin-report.c | |||
@@ -38,6 +38,7 @@ static char *dso_list_str, *comm_list_str, *sym_list_str, | |||
38 | static struct strlist *dso_list, *comm_list, *sym_list; | 38 | static struct strlist *dso_list, *comm_list, *sym_list; |
39 | static char *field_sep; | 39 | static char *field_sep; |
40 | 40 | ||
41 | static int force; | ||
41 | static int input; | 42 | static int input; |
42 | static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV; | 43 | static int show_mask = SHOW_KERNEL | SHOW_USER | SHOW_HV; |
43 | 44 | ||
@@ -1856,6 +1857,11 @@ static int __cmd_report(void) | |||
1856 | exit(-1); | 1857 | exit(-1); |
1857 | } | 1858 | } |
1858 | 1859 | ||
1860 | if (!force && (stat.st_uid != geteuid())) { | ||
1861 | fprintf(stderr, "file: %s not owned by current user\n", input_name); | ||
1862 | exit(-1); | ||
1863 | } | ||
1864 | |||
1859 | if (!stat.st_size) { | 1865 | if (!stat.st_size) { |
1860 | fprintf(stderr, "zero-sized file, nothing to do!\n"); | 1866 | fprintf(stderr, "zero-sized file, nothing to do!\n"); |
1861 | exit(0); | 1867 | exit(0); |
@@ -2064,6 +2070,7 @@ static const struct option options[] = { | |||
2064 | OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace, | 2070 | OPT_BOOLEAN('D', "dump-raw-trace", &dump_trace, |
2065 | "dump raw trace in ASCII"), | 2071 | "dump raw trace in ASCII"), |
2066 | OPT_STRING('k', "vmlinux", &vmlinux, "file", "vmlinux pathname"), | 2072 | OPT_STRING('k', "vmlinux", &vmlinux, "file", "vmlinux pathname"), |
2073 | OPT_BOOLEAN('f', "force", &force, "don't complain, do it"), | ||
2067 | OPT_BOOLEAN('m', "modules", &modules, | 2074 | OPT_BOOLEAN('m', "modules", &modules, |
2068 | "load module symbols - WARNING: use only with -k and LIVE kernel"), | 2075 | "load module symbols - WARNING: use only with -k and LIVE kernel"), |
2069 | OPT_BOOLEAN('n', "show-nr-samples", &show_nr_samples, | 2076 | OPT_BOOLEAN('n', "show-nr-samples", &show_nr_samples, |