lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Jan 2007 11:29:40 +0900
From:	"Kawai, Hidehiro" <hidehiro.kawai.ez@...achi.com>
To:	Pavel Machek <pavel@....cz>
Cc:	Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org,
	gregkh@...e.de, james.bottomley@...eleye.com,
	Satoshi OSHIMA <soshima@...hat.com>,
	"Hideo AOKI@...hat" <haoki@...hat.com>,
	sugita <yumiko.sugita.yf@...achi.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Alan Cox <alan@...rguk.ukuu.org.uk>
Subject: Re: [PATCH] binfmt_elf: core dump masking support

Hi Pavel,

>>>>The /proc/<pid>/ approach doesn't have these demerits, and it
>>>>has an advantage that users can change the bitmask of any process
>>>>at anytime.
>>>
>>>Well... not sure if it is advantage. 
>>
>>For example, consider the following case:
>>  a process forks many children and system administrator wants to
>>  allow only one of these processes to dump shared memory.
>>
>>This is accomplished as follows:
>>
>> $ echo 1 > /proc/self/coremask
>> $ ./some_program
>> (fork children)
>> $ echo 0 > /proc/<a child's pid>/coremask
>>
>>With the /proc/<pid>/ interface, we don't need to modify the
>>user program.  In contrast, with the ulimit or setrlimit interface,
>>the administrator can't do it without modifying the user program
>>to call setrlimit.  This will not be preferred.
> 
> Yep, otoh process coremask setting can change while it is running,
> that is not expected. Hmm, it can also change while it is dumping
> core, are you sure it is not racy?

Good point, thanks.  I never thought of that.
We can change the coremask setting while dumping the process's
memory, and it is problematic.

maydump() function which decides a given VMA may be dumped or not
is invoked twice per VMAs.  One is at the time of writing a program
header for a VMA, another is at the time of writing its contents.
If the coremask setting differs between the two, the program
header will point wrong place in the core file as its contents.

 
> (run echo 1 > coremask, echo 0 > coremask in a loop while dumping
> core. Do you have enough locking to make it work as expected?)

Currently, any lock isn't acquired.  But I think the kernel only
have to preserve the coremask setting in a local variable at the
begining of core dumping.  I'm going to do this in the next version.

Best regards,
-- 
Hidehiro Kawai
Hitachi, Ltd., Systems Development Laboratory


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ