From owner-freebsd-hackers@freebsd.org Fri Apr 13 08:45:58 2018 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 64487F9B1CD for ; Fri, 13 Apr 2018 08:45:58 +0000 (UTC) (envelope-from Alexander@leidinger.net) Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:375::1:5]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F1EA47EA28 for ; Fri, 13 Apr 2018 08:45:57 +0000 (UTC) (envelope-from Alexander@leidinger.net) Date: Fri, 13 Apr 2018 10:45:38 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=leidinger.net; s=outgoing-alex; t=1523609155; bh=QYMa+OKgoNx6SlCPQzbbsyoefvO9VtGBr9KPMFOHJPs=; h=Date:From:To:Subject:References:In-Reply-To; b=vppT0Q2AmADAURh7LDuweQm9GwCbBF+5OzONc+TFrb6wd53N4jm/ubOs3B1GpCgNw 6mYoYELf0x2aW4SR/GQgCaTxBLZchwKoGStuLCFGr0Rh93DAgzmuKYorTFQj/H57k9 uoy0+0GPta+gDCaZCL0JH7ECkChuc3SNA52rDt/Y61uZBZjLxBkTp+Wez+OX0a3d3n Brv1ZHeYMHc038j55pnX4ZxIZe/ZYZT4H7IHwz6x0KaAHKdgck/sq7ZGhqncDeoNQa KGXXM5ipVpe+SzDfq8wdFEsZ0tl86nmW2Gh54ZX/qL7bsKhiqViH0ZEEbIMld6shFW b3nsLO67XjQGA== Message-ID: <20180413104538.Horde.qmK8eOl8lVdSxpY1cQS83Tw@webmail.leidinger.net> From: Alexander Leidinger To: freebsd-hackers@freebsd.org Subject: Re: Tracing with DTrace, when custom probe provider is running as regular user References: <1D449DD6-4D38-4561-8BD0-B6E581AB53A8@gmail.com> In-Reply-To: User-Agent: Horde Application Framework 5 Content-Type: multipart/signed; boundary="=_NTq82rNDf8Y9XZa21dthmow"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 X-Mailman-Approved-At: Fri, 13 Apr 2018 11:00:49 +0000 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Apr 2018 08:45:58 -0000 This message is in MIME format and has been PGP signed. --=_NTq82rNDf8Y9XZa21dthmow Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting Matthew Seaman (from Mon, 9 Apr 2018=20=20 11:30:10=20+0100): > On 09/04/2018 11:01, Daniel Dettlaff wrote: >> Issue is critical for tracing Postgresql which demands to run with >> NON privileged user, but in general launching any server software as ro= ot >> should be considered to be "harmful" / "a bad idea" right? > > The issue with allowing non-privileged users access to dtrace is the=20= =20 >=20risk of disclosing kernel memory. Unfortunately blocking this=20=20 >=20access means that using the UserSDT's from (for example)=20=20 >=20postgresql-server running as the postgres user is not permitted. If I understand it right, the original poster was also not able to=20=20 trace=20a non-root process with root-dtrace. What's the reason for this? Bye, Alexander. --=20 http://www.Leidinger.net=20Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_NTq82rNDf8Y9XZa21dthmow Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJa0G4xAAoJEKrxQhqFIICEwE0P/iWNLg7/lWmDFrm08MEL9Dh9 GnA/B+UlLoQ/lQIvFe0Ky6veq7qTkrjwA5ls4vqiS5jPvJyqkNYJAVpxGYinVsKG 3I7XJ/v2AKsaiR0YMqbpBzyZQgKCRGE+9zchUw8ewFZCyceFnvoV1dQRoo9b3Hdj pVgOsvwPqQNnzk1KcGBBlNpT2P+wHu+ezSg2JA4G/NE7jQZECPsRuiO81BZoWrMX wRD9+Y20CEwt4XD6NKUD5uHWJVDgG6qv5MTZ5t4FXRfLnCPXD10o2iBdDrASfPUd gbFUDA00093hfsTo2lV3IBmbqqp2g5I2QEWZHrY/ixfMqlN9xeVLjVwmvsBK2UKe yXpITtLoiHtH3mkQnGSp+ba1ogjllXTUGN1xYH8m6KIc6TzoicakzUZ5NWUxY1K4 h2z7V41nY+B7Mh16PKWbXdu11eer4BTk/r+kWs/+7GZIMRinBUuF5oWKDXH90kQp AQkwlY34ruxPUoJNDdW8L8PtM4AC/S+hO+wnJRUPtlThV903mAaH8A9+IG1KoST1 FgktDPPTqAuCnrLlyvTpc1BupXhtb2GV0YWcUp+iPLIX8Tk52807B6BURBfG8gEw CM0kCXEmVTuQd8bQcIg2K9Yd8NMKFLaftERvPEG4lJD6YKs3A6uc/0eMy6fVUwdp KhdtxgjWXs75q28xSufO =+aLq -----END PGP SIGNATURE----- --=_NTq82rNDf8Y9XZa21dthmow--