From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id BC933423DC;
	Sun, 15 Jan 2023 07:20:53 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 3949B410FB;
	Sun, 15 Jan 2023 07:20:53 +0100 (CET)
Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com
 [209.85.167.44])
 by mails.dpdk.org (Postfix) with ESMTP id E7B0640042;
 Sun, 15 Jan 2023 07:20:51 +0100 (CET)
Received: by mail-lf1-f44.google.com with SMTP id cf42so38682738lfb.1;
 Sat, 14 Jan 2023 22:20:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:from:to:cc:subject:date:message-id:reply-to;
 bh=1THWP/yZg6iSuLFcLH2EIyNlq0efzfhM2lL2EUQ0P3w=;
 b=YvfgIO78Y1BxeSYKDL1JVVcd2RU68AhUNu2PFg+HDv3rn4dQl+sWim9gRDEEu4wc9s
 vPEXoy0wJPYcWuAxVirGVn5QhgQAN4wXz4OEscLIsuH7c+VdOfUMfDgYgJO6A+QEtnQi
 ftrmy6RwG0RBqTMcilcZ1tEficaA8H7hDd9kxUocfOqK6yB6O757oKMyBG/3AcWFqdd4
 emASHHGbLGmxV13PWfCHL3TSZcKg5Gj86cqD9GLbLtDbaE8lTv+J0nGEOeuwx1v1b+eG
 EKCMxErwmxhBIZsX4TWj+YR73/r6VNcvcFpUwOkv+gbtWSEewhmmG7QjSXEAu9NCi2x0
 ZPRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=1THWP/yZg6iSuLFcLH2EIyNlq0efzfhM2lL2EUQ0P3w=;
 b=cACLLpb6tvbqx90HIMmyOwBH5FU+FQx/gZj/ZarrFvo4vdmbl6fJdmRhvjHU78Ynso
 vDDCI/fgJ3uM3YraKsCrK19yAt0pcvlvXcuIeB60UWi6TIPG1jmckAEBSpwZMogO0dCB
 ELN1eCa1TFqk9oRWltJo4DfbaXvuG8ts27+IoQ0fUhuHvpbEkHjJ5HoHsPHS2AX6/cn2
 O9oHMUV1J8G+qB32tLv2oOxW6X54g4oekYTSPW8FWq/3nrpUqfT38uKXehYEr9f5h1X+
 372YpuDshJjfJErftjO7yySLubD/DlLQeWVa7RaTVJf+lhuQUsUQFTzOtiHkN5/yybbU
 Iwvg==
X-Gm-Message-State: AFqh2krBt4Fqt1FUst64+yJkTymEQDbwHInjq9UKEkvXh+WJfnfgS6oF
 MxQfGGiigpgttu8rw8szQ9DZFtu75677VZu+dd0=
X-Google-Smtp-Source: AMrXdXvnxZv3DTCnYd2HZMZOhW8nsam/gtizqCvTojiWIudqi21jdoV0tgw1nUQVAQdXoDqXqyegfMDU7hGTyd+cTzU=
X-Received: by 2002:ac2:41da:0:b0:4b4:af05:4a8d with SMTP id
 d26-20020ac241da000000b004b4af054a8dmr3868921lfi.415.1673763651190; Sat, 14
 Jan 2023 22:20:51 -0800 (PST)
MIME-Version: 1.0
References: <20230114225802.136625-1-dmitry.kozliuk@gmail.com>
 <20230114182752.0fa60bf7@hermes.local>
In-Reply-To: <20230114182752.0fa60bf7@hermes.local>
From: Isaac Boukris <iboukris@gmail.com>
Date: Sun, 15 Jan 2023 08:20:39 +0200
Message-ID: <CAC-fF8RmL+sYTcRWpdUcnkgFLZf4Q_47Yb9DwZH-v+GY6ULPGA@mail.gmail.com>
Subject: Re: [PATCH] doc: add capability to access physical addresses
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>, dev@dpdk.org, stable@dpdk.org, 
 Boris Ouretskey <borisusun@gmail.com>,
 Bruce Richardson <bruce.richardson@intel.com>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

On Sun, Jan 15, 2023 at 4:27 AM Stephen Hemminger
<stephen@networkplumber.org> wrote:
>
> On Sun, 15 Jan 2023 01:58:02 +0300
> Dmitry Kozlyuk <dmitry.kozliuk@gmail.com> wrote:
>
> > CAP_DAC_OVERRIDE capability is required to access /proc/self/pagemap,
> > but it was missing from the Linux guide, causing issues for users.
> >
> > Fixes: 979bb5d493fb ("doc: add more instructions for running as non-root")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
> > Reported-by: Boris Ouretskey <borisusun@gmail.com>
> > Reported-by: Isaac Boukris <iboukris@gmail.com>
>
> DAC_OVERRIDE is like having the master key. It opens all doors
> and if so, running as non-root really doesn't matter that much.

The cap_sys_admin also seems heavy but I guessed it is still better
than full root.

> Ideally, a finer grain permission could be used.
> Recommending this to users seems wrong.
>
> According proc.5 man page.
>
>
>        /proc/[pid]/pagemap (since Linux 2.6.25)
>               This file shows the mapping of each of the process's
>               virtual pages into physical page frames or swap area.
> ...
>               Permission to access this file is governed by a ptrace
>               access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
>
> Which distro is this? What security module are you using.
> For example, on Debian (kernel 5.17) running as non-root it is possible to read pagemap.

I tested on fedora (but also on Rocky8 older kernel): uname -a
Linux localhost.localdomain 6.0.17-200.fc36.x86_64 #1 SMP
PREEMPT_DYNAMIC Wed Jan 4 16:00:03 UTC 2023 x86_64 x86_64 x86_64
GNU/Linux

It can be shown by running the 'pagemap.c' demo code from
https://bugs.centos.org/view.php?id=17176 which hinted me to adding
DAC_OVERRIDE.

The strange thing is that running it without any capabilities allows
you to read the file but give the leading zeros, upon adding
cap_ipc_lock,cap_sys_admin you get a read error and only adding
cap_dac_override lets it run successfully.