Bug 65382

Summary: src/shared/dev-setup.c is creating /dev/core symlink without checking if /proc/kcore is present
Product: systemd Reporter: Samuli Suominen <ssuominen>
Component: generalAssignee: systemd-bugs
Status: RESOLVED FIXED QA Contact: systemd-bugs
Severity: minor    
Priority: medium CC: itumaykin+freedesktop
Version: unspecified   
Hardware: All   
OS: All   
See Also: http://bugs.gentoo.org/show_bug.cgi?id=472060
Whiteboard:
i915 platform: i915 features:

Description Samuli Suominen 2013-06-05 01:08:12 UTC 
This was filed by "Coacher" at downstream here, http://bugs.gentoo.org/472060

At the end of systemd-204/src/shared/dev-setup.c you'll find,

void dev_setup(const char *prefix) {
        const char *j, *k;

        static const char symlinks[] =
                "/proc/kcore\0"      "/dev/core\0"
                "/proc/self/fd\0"    "/dev/fd\0"
                "/proc/self/fd/0\0"  "/dev/stdin\0"
                "/proc/self/fd/1\0"  "/dev/stdout\0"
                "/proc/self/fd/2\0"  "/dev/stderr\0";

        NULSTR_FOREACH_PAIR(j, k, symlinks) {

                if (prefix) {
                        char *linkname;

                        if (asprintf(&linkname, "%s/%s", prefix, k) < 0) {
                                log_oom();
                                break;
                        }

                        symlink_and_label(j, linkname);
                        free(linkname);
                } else
                        symlink_and_label(j, k);
        }
}

Which should check if the target is present before symlinking to it if I understood correctly.
Comment 1 Lennart Poettering 2013-06-05 08:16:32 UTC 
Why would this matter? Opening it will result in ENOENT either way. Also, how come /proc/kcore is missing for you?
Comment 2 Coacher 2013-06-05 08:46:10 UTC 
(In reply to comment #1)
> Why would this matter? Opening it will result in ENOENT either way. Also,
> how come /proc/kcore is missing for you?

Hello.

It is a matter of having a broken symlink in /dev. Also /proc/kcore is missing in hardened setups, for example. Namely grsecurity patches disable it.
Comment 3 Lennart Poettering 2013-06-05 09:02:22 UTC 
sorry. but we do not support out-of-tree kernel patches in systemd like this, where there's no clear perspective that they might ever go in. Please work with the grsecurity folks first to get their patches into the kernel proper before we can deal with this in systemd. this is true especially as there isnt really any behavioral impliciation of not fixing this as you get ENOENT either way.

Sorry.
Comment 4 Coacher 2013-06-05 09:30:57 UTC 
(In reply to comment #3)
> sorry. but we do not support out-of-tree kernel patches in systemd like
> this, where there's no clear perspective that they might ever go in. Please
> work with the grsecurity folks first to get their patches into the kernel
> proper before we can deal with this in systemd. this is true especially as
> there isnt really any behavioral impliciation of not fixing this as you get
> ENOENT either way.
> 
> Sorry.

Ok, even without patching vanilla kernel with grsecurity or any other hardening patches, /proc/kcore could be disabled in kernel config as a security precaution.

From my perspective I can understand different scenarios where this file is missing. Though I can not understand you desire to keep broken symlinks in /dev/ 'just because'. Does udev really need this symlink to work properly? Or maybe some other applications need it? Removing this broken symlink will trigger EACCES rather than ENOENT so my guess is no harm for applications would be done.
Comment 5 Lennart Poettering 2013-06-06 05:05:06 UTC 
(In reply to comment #4)
> (In reply to comment #3)
> > sorry. but we do not support out-of-tree kernel patches in systemd like
> > this, where there's no clear perspective that they might ever go in. Please
> > work with the grsecurity folks first to get their patches into the kernel
> > proper before we can deal with this in systemd. this is true especially as
> > there isnt really any behavioral impliciation of not fixing this as you get
> > ENOENT either way.
> > 
> > Sorry.
> 
> Ok, even without patching vanilla kernel with grsecurity or any other
> hardening patches, /proc/kcore could be disabled in kernel config as a
> security precaution.

Oh, there is such a kernel config option available without gresecurity? What's its name?

> From my perspective I can understand different scenarios where this file is
> missing. Though I can not understand you desire to keep broken symlinks in
> /dev/ 'just because'. Does udev really need this symlink to work properly?
> Or maybe some other applications need it? Removing this broken symlink will
> trigger EACCES rather than ENOENT so my guess is no harm for applications
> would be done.

Well, the kernel maintains /proc/kcore, and if this cannot be turned off in normal kernels then I see no reasons to support not creating the symlink for it. We do not support patched kernels like this, that's all.

If disabling kcore is indeed available as an option in vanilla kernels, then this would change the story however.
Comment 6 Michał Bartoszkiewicz 2013-06-06 08:57:49 UTC 
(In reply to comment #5)
> Oh, there is such a kernel config option available without gresecurity?
> What's its name?

It's CONFIG_PROC_KCORE from fs/proc/Kconfig in vanilla kernel.
Comment 7 Lennart Poettering 2013-06-06 09:38:53 UTC 
Well, in that case, this is different. Reopening.
Comment 8 Coacher 2013-06-06 13:36:45 UTC 
(In reply to comment #5)
> Oh, there is such a kernel config option available without gresecurity?
> What's its name?

As Michał already said it is CONFIG_PROC_KCORE.

> Well, the kernel maintains /proc/kcore, and if this cannot be turned off in
> normal kernels then I see no reasons to support not creating the symlink for
> it. We do not support patched kernels like this, that's all.
> 
> If disabling kcore is indeed available as an option in vanilla kernels, then
> this would change the story however.

Oh, I see your point now and it's rational. I thought you were aware that /proc/kcore is optional in vanilla kernel.

Please add a fix.
Comment 9 Zbigniew Jedrzejewski-Szmek 2013-06-10 13:15:31 UTC 
Fixed in http://cgit.freedesktop.org/systemd/systemd/commit/?id=696fee7.
Comment 10 Coacher 2013-06-10 18:01:00 UTC 
(In reply to comment #9)
> Fixed in http://cgit.freedesktop.org/systemd/systemd/commit/?id=696fee7.

Thanks!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.