[arch-general] possible root cause using Firefox
Today Firefox has crashed with the backtrace provided below when trying to view maps.google.com. While Firefox 45.0.2-1 was hanging I tried to invoke gdb with it: elm:~/bugs/arch-firefox-crash> ps ax | grep firefox 2655 ? Sl 13:25 /usr/bin/firefox 3281 pts/2 S+ 0:00 grep firefox elm:~/bugs/arch-firefox-crash> gdb -p 2655 GNU gdb (GDB) 7.11 Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-pc-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word". Attaching to process 2655 ptrace: Die Operation ist nicht erlaubt. (gdb) It says "operation not permitted" here when trying to ptrace firefox which was launched just normally as always as user elm. Nonetheless it was possible to backtrace the hanging frifeox-instance as user root as you can see in the P.S.-section. There are two things which I would like to say about it: * Firefox did apparently not only crash but acquire root privileges by doing so; otherwise it would not have needed user root to backtrace firefox (there is no SELinux, Apparmor or anything else running here; it is a plain Arch-installation) * Secondly I believe it a shame that we do not have -debuginfo packages for Arch. This way any gathered backtrace - be it for security reasons or just for supporting developers - will be pretty useless. Anyone here who would consider to work on the debuginfo - issue? Finally I will have to say that I had noticed screen distortions before Firefox started to hang; consequently this could well be an issue related to GL/nouveau as well. Thanks for Your Attention, Elmar Stellnberger P.S.: here comes the backtrace; (Unfortunately I did not gather a core dump or anything else:) #0 0x00007f67ddebcc3d in poll () from /usr/lib/libc.so.6 #1 0x00007f67d8a3fae2 in ?? () from /usr/lib/libxcb.so.1 #2 0x00007f67d8a41497 in ?? () from /usr/lib/libxcb.so.1 #3 0x00007f67d8a415a1 in xcb_wait_for_reply () from /usr/lib/libxcb.so.1 #4 0x00007f67dc836727 in _XReply () from /usr/lib/libX11.so.6 #5 0x00007f67dc81bc35 in XGetImage () from /usr/lib/libX11.so.6 #6 0x00007f67d1cab8f0 in ?? () from /usr/lib/firefox/libxul.so #7 0x00007f67d1cab7c8 in ?? () from /usr/lib/firefox/libxul.so #8 0x00007f67d1caf7e5 in ?? () from /usr/lib/firefox/libxul.so #9 0x00007f67d0e1d0b6 in ?? () from /usr/lib/firefox/libxul.so #10 0x00007f67d1cacd59 in ?? () from /usr/lib/firefox/libxul.so #11 0x00007f67d1cacbc3 in ?? () from /usr/lib/firefox/libxul.so #12 0x00007f67d1656b78 in ?? () from /usr/lib/firefox/libxul.so #13 0x00007f67d1cad9b3 in ?? () from /usr/lib/firefox/libxul.so #14 0x00007f67d16604f3 in ?? () from /usr/lib/firefox/libxul.so #15 0x00007f67cfc1635e in ?? () from /usr/lib/firefox/libxul.so #16 0x00007f67cfc03033 in ?? () from /usr/lib/firefox/libxul.so #17 0x00007f67cfc0af2d in ?? () from /usr/lib/firefox/libxul.so #18 0x00007f67cfc0e254 in ?? () from /usr/lib/firefox/libxul.so #19 0x00007f67cfc0314a in ?? () from /usr/lib/firefox/libxul.so #20 0x00007f67cfc0ae98 in ?? () from /usr/lib/firefox/libxul.so #21 0x00007f67cfc0c2b6 in ?? () from /usr/lib/firefox/libxul.so #22 0x00007f67cfc0314a in ?? () from /usr/lib/firefox/libxul.so #23 0x00007f67cfc0ae98 in ?? () from /usr/lib/firefox/libxul.so #24 0x00007f67cfc0c3d8 in ?? () from /usr/lib/firefox/libxul.so #25 0x00007f67cfc0314a in ?? () from /usr/lib/firefox/libxul.so #26 0x00007f67cfc0ae98 in ?? () from /usr/lib/firefox/libxul.so #27 0x00007f67cfc0c338 in ?? () from /usr/lib/firefox/libxul.so #28 0x00007f67cfc0314a in ?? () from /usr/lib/firefox/libxul.so #29 0x00007f67cfbff18d in ?? () from /usr/lib/firefox/libxul.so #30 0x00007f67cfc2b352 in ?? () from /usr/lib/firefox/libxul.so #31 0x00007f67d0a3ba01 in ?? () from /usr/lib/firefox/libxul.so #32 0x00007f67d0a413ad in ?? () from /usr/lib/firefox/libxul.so #33 0x00007f67d0a4757c in ?? () from /usr/lib/firefox/libxul.so #34 0x00007f67d15325a8 in ?? () from /usr/lib/firefox/libxul.so #35 0x00007f67d1530f0a in ?? () from /usr/lib/firefox/libxul.so #36 0x00007f67d133768b in ?? () from /usr/lib/firefox/libxul.so #37 0x00007f67d13363fc in ?? () from /usr/lib/firefox/libxul.so #38 0x00007f67d133441c in ?? () from /usr/lib/firefox/libxul.so #39 0x00007f67d1531f52 in ?? () from /usr/lib/firefox/libxul.so #40 0x00007f67d1530b59 in ?? () from /usr/lib/firefox/libxul.so #41 0x00007f67d133c52a in ?? () from /usr/lib/firefox/libxul.so #42 0x00007f67d133b8c0 in ?? () from /usr/lib/firefox/libxul.so #43 0x00007f67d133b800 in ?? () from /usr/lib/firefox/libxul.so #44 0x00007f67d133b45d in ?? () from /usr/lib/firefox/libxul.so #45 0x00007f67d154e249 in ?? () from /usr/lib/firefox/libxul.so #46 0x00007f67d1578e45 in ?? () from /usr/lib/firefox/libxul.so #47 0x00007f67d1577f7d in ?? () from /usr/lib/firefox/libxul.so #48 0x00007f67d148bf5f in ?? () from /usr/lib/firefox/libxul.so #49 0x00007f67d1511308 in ?? () from /usr/lib/firefox/libxul.so #50 0x00007f67d150fca5 in ?? () from /usr/lib/firefox/libxul.so #51 0x00007f67d12255d6 in ?? () from /usr/lib/firefox/libxul.so #52 0x00007f67d1239a8c in ?? () from /usr/lib/firefox/libxul.so ---Type <return> to continue, or q <return> to quit--- #53 0x00007f67d0c13582 in ?? () from /usr/lib/firefox/libxul.so #54 0x00007f67d0be7c4d in ?? () from /usr/lib/firefox/libxul.so #55 0x00007f67d1c528d6 in ?? () from /usr/lib/firefox/libxul.so #56 0x00007f67d1938b69 in NS_InvokeByIndex () from /usr/lib/firefox/libxul.so #57 0x00007f67d12c05fe in ?? () from /usr/lib/firefox/libxul.so #58 0x00007f67d12c240e in ?? () from /usr/lib/firefox/libxul.so #59 0x00007f67d1826a33 in ?? () from /usr/lib/firefox/libxul.so #60 0x00007f67d181840f in ?? () from /usr/lib/firefox/libxul.so #61 0x00007f67d18176de in ?? () from /usr/lib/firefox/libxul.so #62 0x00007f67d1826b8d in ?? () from /usr/lib/firefox/libxul.so #63 0x00007f67d182a2f5 in ?? () from /usr/lib/firefox/libxul.so #64 0x00007f67d1792d7c in ?? () from /usr/lib/firefox/libxul.so #65 0x00007f67d12c736d in ?? () from /usr/lib/firefox/libxul.so #66 0x00007f67d19397c7 in ?? () from /usr/lib/firefox/libxul.so #67 0x00007f67d1938cd9 in ?? () from /usr/lib/firefox/libxul.so #68 0x00007f678aee4620 in ?? () #69 0x00007f6795502820 in ?? () #70 0x00007f679a32cfa0 in ?? () #71 0x00007f679b5625e0 in ?? () #72 0x000000000000027f in ?? () #73 0x00007f6799f5fae0 in ?? () #74 0x0000000000000000 in ?? ()
On 27/04/16 07:22, Elmar Stellnberger wrote: [...]
It says "operation not permitted" here when trying to ptrace firefox which was launched just normally as always as user elm. Nonetheless it was possible to backtrace the hanging frifeox-instance as user root as you can see in the P.S.-section. There are two things which I would like to say about it:
* Firefox did apparently not only crash but acquire root privileges by doing so; otherwise it would not have needed user root to backtrace firefox (there is no SELinux, Apparmor or anything else running here; it is a plain Arch-installation)
I believe it's standard (for security reasons) in recent kernels to require root to trace any process that isn't a direct child of the tracer, even if the process is owned by the same user. This has been true for me on Arch Linux as well as Ubuntu. It doesn't necessarily mean Firefox gained root privileges. Try it on any other running user process, and you'll probably get the same behavior. I believe there's a knob (/proc/sys/kernel/yama/ptrace_scope) that controls this restriction. -- Travis Evans
participants (2)
-
Elmar Stellnberger
-
Travis Evans