#2597 F35 Change: Debuginfod By Default
Opened 22 days ago by bcotton. Modified 2 hours ago

Fedora users / developers who need to debug/trace distro binaries can make use of the recently activated elfutils-debuginfod servers to automatically fetch debugging data and source code, instead of having to use # sudo dnf commands.


I added the meeting tag, because I think we should discuss the privacy and security implications of this.

Metadata Update from @zbyszek:
- Issue tagged with: meeting

17 days ago

Placeholder -0 while further discussion happens.

Random privacy/security thought after the meeting:

Open arbitrary fedora binary via gdb.
Admire the immediate downloading of debuginfo and source code.

What if there was a consent prompt? Something like:

Open arbitrary fedora binary via gdb.

Gdb will download and execute debuginfo files from https://debuginfod.fedoraproject.org/
For the information that will be shared with the server see https://debuginfod.fedoraproject.org/privacy
Allow this? [No/Yes/Never/Always]
> Always
Gdb will always download and execute debuginfo files from https://debuginfod.fedoraproject.org/ -- you can revisit this decision at any time by running `debuginfod --forget https://debuginfod.fedoraproject.org`

Admire the immediate downloading of debuginfo and source code.

What if there was a consent prompt?

Consider that there are a dozen+ applications that use the client code library, so new user interface at the per-consumer level would involve a lot of tooling & upstream changes. GDB for example already includes explicit diagnostics to show users downloads in progress, so there is no surprise. But it's not a confirmation, it's a diagnostic. Systemtap's stap-prep tool prints $DEBUGINFOD_URLS, but the main tool just uses it quietly if set.

If instead one aims at the client library, doing interactive tty UX conversations from within a low level place is not generally appropriate. Or do you happen to know such a distro framework or precedent?

No, I don't really, I just thought that getting user consent might be required by legal/etc.

A patch for one-time user notification (not interactive consent) has been drafted:
https://sourceware.org/pipermail/elfutils-devel/2021q2/003749.html

Awesome, thanks. Coudl you please paste a an example gdb session that has this? How does the user know what to do if they are paranoid and want to opt-out?

% gdb /bin/ls
[...]
Type "apropos word" to search for commands related to "word"...
Reading symbols from /bin/ls...

NOTICE: This system is configured to auto-download debuginfo from:
https://debuginfod.elfutils.org/
NOTICE: Set your $DEBUGINFOD_URLS differently if desired.

[sleeps here]
[...]

GDB accepts an interrupt at this point.

Awesome, that makes me +1 for the change.

Metadata Update from @churchyard:
- Issue close_status updated to: Accepted
- Issue status updated to: Closed (was: Open)

2 days ago

Could you explain what is required for the warning?

The example provided can be implemented in gdb. Is it enough if gdb provides that warning as in https://pagure.io/fesco/issue/2597#comment-730463 ?

I don't like having the library do extra file accesses, a warning and sleep:
https://sourceware.org/pipermail/elfutils-devel/2021q2/003770.html
It isn't the job of a library to do such interactive warnings, but of the programs using the libraries and/or the installer that sets the environment variable to opt in for the user.

Metadata Update from @churchyard:
- Issue status updated to: Open (was: Closed)

2 days ago

I am relieved :-) to report that Mark (elfutils maintainer) would approve an alternate method whereby elfutils' /etc/profile.d shell script fragments print out a one-time notification to the user. The patch below also tries to send a desktop notification (via /usr/bin/notify-send). However, this option is not tied to the point of use of an actual debugger-type tool. WDYT?

https://sourceware.org/pipermail/elfutils-devel/2021q2/003782.html

I am relieved :-) to report that Mark (elfutils maintainer) would approve an alternate method whereby elfutils' /etc/profile.d shell script fragments print out a one-time notification to the user. The patch below also tries to send a desktop notification (via /usr/bin/notify-send).

I'm confused. Wouldn't this script be executed on any login? Is it somehow tied to gdb or systemd-coredump being executed?

--

This was mentioned before (by @ngompa IIRC): can we please get a splash page under
https://debuginfod.fedoraproject.org/ ? It is important because if Fedora systemds start autoconnecting to that service, things will be easier if people immediately see an explanation what it is. https://debuginfod.debian.net seems like a good blueprint.

I'm confused. Wouldn't this script be executed on any login? Is it somehow tied to gdb or systemd-coredump being executed?

Yes, it would hit every user's first login, which seems broad. If this is unacceptable, and if the elfutils maintainer vetoes debuginfod-client library code even as a temporary fedora-only patch, then we are stuck with having to instrument calling applications. What would you say is a minimum set?

can we please get a splash page under https://debuginfod.fedoraproject.org

Can do - maybe just a redirect into the wiki? - just needs some proxy configuration work.

Login to comment on this ticket.

Metadata