Hi Gerry,
I don't know what the problem is, but my first guess is to look at the difference between the posix code in EPICS 3.14 and 3.15. In particular osdProcess.c and osdThread.c.
diff -U3 /usr/local/epics/base-3.14.12.5/src/libCom/osi/os/posix/osdThread.c /usr/local/epics/base-3.15.2/src/libCom/osi/os/posix/
Here is a difference that looks looks like it could be relevant, for example:
+
+#if defined(_POSIX_MEMLOCK) && _POSIX_MEMLOCK > 0
+ if(errVerbose) {
+ fprintf(stderr, "LRT: min priority: %d max priority %d\n",
+ pcommonAttr->minPriority, pcommonAttr->maxPriority);
+ }
+ if (pcommonAttr->maxPriority > pcommonAttr->minPriority) {
+ status = mlockall(MCL_CURRENT | MCL_FUTURE);
+ if(status) {
+ fprintf(stderr, "Unable to lock the virtual address space using mlockall\n");
+ } else {
+ fprintf(stderr,"Successfully locked memory using mlockAll\n");
+ }
+ }
+#endif
+
Mark
________________________________________
From: [email protected] [[email protected]] on behalf of Gerry Swislow [[email protected]]
Sent: Wednesday, January 27, 2016 8:52 PM
To: [email protected]
Subject: set-user-id root and EPICS 3.15
Hi Tech-Talkers,
I'm having a problem with EPICS 3.15 in the "spec" set-user-id-root executable.
Why do I need a set-user-id-root binary? Many sites use spec on Linux platforms with PC board motor controllers, counter/timers, GPIB interfaces, etc. For many years now, spec has eschewed kernel drivers in favor of user-level support. The user-level support works on all Linux distributions over all iterations of the Linux kernel with no effort needed by the users. (Try that with kernel drivers!)
User level support requires access to I/O ports or on-board memory, which requires super-user privilege. Thus, in most installations, spec is installed as a set-user-id root program. The privilege escalation is immediately reset to that of the real user first thing when spec starts, and is only reactivated for the needed system calls, along these lines:
if (setreuid(-1, 0) == 0) {
iopl(3);
setreuid(-1, getuid());
}
There is no issue with users having root access while running spec with respect to permissions to do anything else that would not normally be permitted.
The problem is that in such an environment, certain library or system calls fail in a strange way, but only when spec is linked with EPICS 3.15. There is no issue with EPICS 3.14. When run as a normal user, the following set-user-id-root test program fails with the messages:
Successfully locked memory using mlockAll
pthread_create error Resource temporarily unavailable
Of course, if run as root, there is no error. Using the command "sudo strace -u gerry ./a.out", I see that the error is associated with a mmap() call:
mmap(NULL, 2101248, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = -1 EAGAIN (Resource temporarily unavailable)
In spec, the errors occur with shmat(), getpwuid(), which uses mmap(), and malloc(). spec fails for good when malloc() fails.
I should also point out that the EPICS call isn't even needed. Just the act of linking with the EPICS 3.15 libraries breaks the code.
To be specific, I used EPICS 3.15.3 and EPICS 3.14.12. I tested on CentOS 7.2 and Linux Mint 17.2, both 64 bits. And I've spent all day trying to figure this one out.
Test code and a build script follow. Does anybody have a clue?
Thanks,
Gerry
-------------------------------------
/* file foo.c */#include <cadef.h>
int
main() {
char *p;
setreuid(-1, getuid());
ca_context_create(ca_disable_preemptive_callback);
}
-------------------------------------
#!/bin/bash
BASE=/usr/local/epics/base-3.14.12
BASE=/usr/local/epics/base-3.15.3
cc -I$BASE/include/os/Linux -I$BASE/include -I$BASE/include/compiler/gcc \
foo.c -L$BASE/lib/linux-x86_64 -lca -lCom
sudo chown root a.out
sudo chmod u+s a.out
./a.out
-------------------------------------
-------------------------------------
Gerry Swislow
Certified Scientific Software
PO Box 390640
Cambridge, MA 02139-0007
phone: (617) 576-1610
fax: (617) 497-4242
email: [email protected]
web: http://www.certif.com
- Replies:
- Re: set-user-id root and EPICS 3.15 Ralph Lange
- Re: set-user-id root and EPICS 3.15 Gerry Swislow
- References:
- set-user-id root and EPICS 3.15 Gerry Swislow
- Navigate by Date:
- Prev:
VTable Display widget ishita bhatia
- Next:
Re: set-user-id root and EPICS 3.15 Ralph Lange
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
<2016>
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
set-user-id root and EPICS 3.15 Gerry Swislow
- Next:
Re: set-user-id root and EPICS 3.15 Ralph Lange
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
<2016>
2017
2018
2019
2020
2021
2022
2023
2024
|