thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-10 01:25:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow to hide addresses in stack traces

Browse Source
This commit is contained in:
Alexey Milovidov 2022-07-29 00:13:02 +02:00
parent d3e5199372
commit 552b517e59
4 changed files with 45 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
programs/server/Server.cpp
View File

@ -627,6 +627,8 @@ int Server::main(const std::vector<std::string> & /*args*/)
MainThreadStatus::getInstance();
StackTrace::setShowAddresses(config().getBool("show_addresses_in_stack_traces", true));
registerFunctions();
registerAggregateFunctions();
registerTableFunctions();

6
programs/server/config.xml
View File

@ -1386,4 +1386,10 @@
<lru_cache_size>268435456</lru_cache_size>
<continue_if_corrupted>true</continue_if_corrupted>
</merge_tree_metadata_cache-->
<!-- This allows to disable exposing addresses in stack traces for security reasons.
Please be aware that it does not improve security much, but makes debugging much harder.
I don't recommend to change this setting.
-->
<show_addresses_in_stack_traces>true</show_addresses_in_stack_traces>
</clickhouse>

43
src/Common/StackTrace.cpp
View File

@ -1,6 +1,5 @@
#include <Common/StackTrace.h>
#include <Core/Defines.h>
#include <Common/Dwarf.h>
#include <Common/Elf.h>
#include <Common/SymbolIndex.h>
@ -8,6 +7,7 @@
#include <base/CachedFn.h>
#include <base/demangle.h>
#include <atomic>
#include <cstring>
#include <filesystem>
#include <sstream>
@ -19,6 +19,20 @@
# include <libunwind.h>
#endif
namespace
{
/// Currently this variable is set up once on server startup.
/// But we use atomic just in case, so it is possible to be modified at runtime.
std::atomic<bool> show_addresses = true;
}
void StackTrace::setShowAddresses(bool show)
{
show_addresses.store(show, std::memory_order_relaxed);
}
std::string signalToErrorMessage(int sig, const siginfo_t & info, [[maybe_unused]] const ucontext_t & context)
{
std::stringstream error; // STYLE_CHECK_ALLOW_STD_STRING_STREAM
@ -30,7 +44,7 @@ std::string signalToErrorMessage(int sig, const siginfo_t & info, [[maybe_unused
/// Print info about address and reason.
if (nullptr == info.si_addr)
error << "Address: NULL pointer.";
else
else if (show_addresses.load(std::memory_order_relaxed))
error << "Address: " << info.si_addr;
#if defined(__x86_64__) && !defined(OS_FREEBSD) && !defined(OS_DARWIN) && !defined(__arm__) && !defined(__powerpc__)
@ -372,7 +386,9 @@ static void toStringEveryLineImpl(
else
out << "?";
out << " @ " << physical_addr;
if (show_addresses.load(std::memory_order_relaxed))
out << " @ " << physical_addr;
out << " in " << (object ? object->name : "?");
for (size_t j = 0; j < inline_frames.size(); ++j)
@ -387,17 +403,22 @@ static void toStringEveryLineImpl(
out.str({});
}
#else
std::stringstream out; // STYLE_CHECK_ALLOW_STD_STRING_STREAM
out.exceptions(std::ios::failbit);
for (size_t i = offset; i < size; ++i)
if (show_addresses.load(std::memory_order_relaxed))
{
const void * addr = frame_pointers[i];
out << i << ". " << addr;
std::stringstream out; // STYLE_CHECK_ALLOW_STD_STRING_STREAM
out.exceptions(std::ios::failbit);
callback(out.str());
out.str({});
for (size_t i = offset; i < size; ++i)
{
const void * addr = frame_pointers[i];
out << i << ". " << addr;
callback(out.str());
out.str({});
}
}
else
callback("Addresses are hidden for security reasons.");
#endif
}

5
src/Common/StackTrace.h
View File

@ -67,6 +67,11 @@ public:
void toStringEveryLine(std::function<void(const std::string &)> callback) const;
/// Displaying the addresses can be disabled for security reasons.
/// If you turn off addresses, it will be more secure, but we will be unable to help you with debugging.
/// Please note: addresses are also available in the system.stack_trace and system.trace_log tables.
static void setShowAddresses(bool show);
protected:
void tryCapture();