fix(crashtracking): authenticate peer granted socket ptrace access #2098
yannham left a comment:
Left some non-blocking remarks.
| } | ||
|
|
||
| /// Returns the currently registered expected receiver PID, or 0 if unset. | ||
| pub fn get_expected_receiver_pid() -> i32 { |
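Review bot: `get_expected_receiver_pid()` returns a bare `i32` and, per its doc comment, uses 0 to mean "unset", so every caller has to remember that 0 is a sentinel and not a PID to compare against. Returning `Option<i32>` would make the unset state explicit in the signature and keep a caller from accidentally treating the sentinel as a valid receiver PID.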
Does this need to be public? I would expect that only set should be part of the public API.
# Release v36.0.0

This release bumps the workspace version `35.0.0 → 36.0.0`. Below are the commits in `v35.0.0..HEAD` that directly modify the C ABI surface consumed by downstream SDKs.

## Major

| Commit | FFI crate(s) affected |
|---|---|
| `refactor(shm)!: Extract one_way_shared_memory to IPC and prepare libdd-remote-config for python` (#2121) | `datadog-sidecar-ffi` |
| `refactor(span)!: use VecMap for meta, metrics and meta_struct for v04 spans` (#2043) | `datadog-sidecar-ffi`, `libdd-data-pipeline-ffi` |
| `feat(data-pipeline)!: add fork safety hooks and cancellation token for trace exporter FFI` (#2051) | `libdd-data-pipeline-ffi`, `libdd-profiling-ffi` |

## Minor

| Commit | FFI crate(s) affected |
|---|---|
| `feat(sidecar): add retry interval configuration` (#2106) | `datadog-sidecar-ffi` |
| `feat(profiling): Add setting to omit local root span id from serialized pprof` (#2104) | `libdd-profiling-ffi` |
| `feat(live-debugger): agentless intake forwarding` (#2075) | `datadog-live-debugger-ffi` |
| `feat(sidecar): forward FFE exposures to EVP proxy` (#2026) | `datadog-sidecar-ffi` |
| `feat(sidecar): forward FFE evaluation metrics to OTLP intake` (#2052) | `datadog-sidecar-ffi` |
| `feat: cross-language LTO to inline C TLS shim into Rust FFI` (#1982) | `libdd-otel-thread-ctx-ffi` (build-only: build.rs / scripts / README) |

## Patch

| Commit | FFI crate(s) affected |
|---|---|
| `fix(ffe): honor shared fixture result metadata` (#2109) | `datadog-ffe-ffi` |
| `fix(sidecar): Dedup VecMap spans before serialization` (#2107) | `datadog-sidecar-ffi` |
| `fix(crashtracking): authenticate peer granted socket ptrace access` (#2098) | `libdd-crashtracker-ffi`, `datadog-sidecar-ffi` |
| `fix(remote-config): notification of multi-processing and runtime deduplication` (#2082) | `datadog-sidecar-ffi` |
| `fix(sidecar): configure OTLP endpoint for FFE metrics` (#2076) | `datadog-sidecar-ffi` |
| `refactor(datadog-remote-config): rename as libdd-remote-config` (#2085) | `datadog-sidecar-ffi` (incl. `cbindgen.toml`) |

Co-authored-by: julio.gonzalez <julio.gonzalez@datadoghq.com>

PROF-15013
What does this PR do?
Issue was raised in APMSP-3484
This PR implements authentication for socket-based crash receiver before granting ptrace permission by `PR_SET_PTRACER`

- We add `set_expected_receiver_pid()` API that must be called during trusted initialization to register the legitimate receiver's PID
- Signal handler now verifies `SO_PEERCRED` peer PID matches the registered expected PID; fails closed (skips ptrace grant) on mismatch or if unset
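The check this PR describes, sketched in C against the Linux interfaces it names (`SO_PEERCRED`, `PR_SET_PTRACER`). This is an added example, not libdatadog's Rust code: only the name `set_expected_receiver_pid` comes from the PR, while its body, the static variable, and the helpers `peer_matches`, `peer_is_expected_receiver` and `grant_ptrace_if_authenticated` are assumptions made for illustration.

```c
#define _GNU_SOURCE /* exposes struct ucred */
#include <stdatomic.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed storage for the registered receiver PID; 0 means "unset". */
static _Atomic pid_t expected_receiver_pid = 0;

/* Name from the PR; call once during trusted initialization. */
void set_expected_receiver_pid(pid_t pid) { atomic_store(&expected_receiver_pid, pid); }

/* 1 only if the kernel-reported peer of sock is `expected`; unset PID,
 * getsockopt failure and mismatch all yield 0 (fail closed). */
static int peer_matches(int sock, pid_t expected) {
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (expected <= 0) return 0;
    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0) return 0;
    return len == sizeof cred && cred.pid == expected;
}

int peer_is_expected_receiver(int sock) {
    return peer_matches(sock, atomic_load(&expected_receiver_pid));
}

/* Returns 1 if ptrace was granted, 0 if the grant was skipped or prctl failed. */
int grant_ptrace_if_authenticated(int sock) {
    pid_t expected = atomic_load(&expected_receiver_pid); /* read once */
    if (!peer_matches(sock, expected)) return 0;
    return prctl(PR_SET_PTRACER, (unsigned long)expected, 0UL, 0UL, 0UL) == 0;
}

int main(void) {
    int sv[2]; /* constructed sample: both ends belong to this process */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    printf("unset:    %d\n", peer_is_expected_receiver(sv[0]));
    set_expected_receiver_pid(getpid() + 1);
    printf("mismatch: %d\n", peer_is_expected_receiver(sv[0]));
    set_expected_receiver_pid(getpid());
    printf("match:    %d\n", peer_is_expected_receiver(sv[0]));
    return 0;
}
```

The grant path reads the registered PID once and passes that same value to both the comparison and `prctl`, so the PID that was authenticated is the PID that receives ptrace access.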