| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Jan 2007 21:02:28 -0500 From: Daniel Jacobowitz <dan@...ian.org> To: "David S. Miller" <davem@...emloft.net> Cc: linux-kernel@...r.kernel.org Subject: Contents of core dumps (was: Re: fs/binfmt_elf.c:maydump()) [Please CC, I am not subscribed to lkml.] On Thu, Apr 06, 2006 at 10:18:07PM -0700, David S. Miller wrote: > How about something like the following patch? If it's executable > and not written to, skip it. This would skip the main executable > image and all text segments of the shared libraries mapped in. I've been going through GDB test failures (... again...) and I'm down to a respectably small number on x86_64, but this is one of the remaining ones. I don't suppose there's been any change since we discussed this in April? A refresher for those following along: there's a GDB test that mmaps a file using MAP_PRIVATE and PROT_WRITE. It expects the contents to end up in the core dump. Right now, they don't. I can fix the test by making sure it writes to the mapping, but before I change the test, I want to raise the question of what _should_ be in a core dump. I took a peek at what Solaris includes in core dumps. They offer (not surprisingly) a pile of configuration options. The default is just about everything except for file-backed shared memory and some symbol table data - it includes text segments, rodata, anonymous shared memory, file backed mappings, et cetera. I guess that's another argument in favor of dumping more. Then you can control it globally, per process, et cetera. http://src.opensolaris.org/source/xref/loficc/crypto/usr/src/uts/common/sys/corectl.h I also checked an AIX manual since there was a reference to SA_FULLDUMP in the GDB test: By default, the user data, anonymously mapped regions, and vm_infox structures are not included in a core dump. This partial core dump includes the current thread stack, the thread thrdctx structures, the user structure, and the state of the registers at the time of the fault. A partial core dump contains sufficient information for a stack traceback. The size of a core dump can also be limited by the setrlimit or setrlimit64 subroutine. To enable a full core dump, set the SA_FULLDUMP flag in the sigaction subroutine for the signal that is to generate a full core dump. If this flag is set when the core is dumped, the user data section, vm_infox, and anonymously mapped region structures are included in the core dump. Not really sure what that translates to, but it's less than what Solaris dumps, I think. Does Linux need knobs for this? > > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c > index 537893a..9ec5c2b 100644 > --- a/fs/binfmt_elf.c > +++ b/fs/binfmt_elf.c > @@ -1167,8 +1167,10 @@ static int maydump(struct vm_area_struct > if (vma->vm_flags & VM_SHARED) > return vma->vm_file->f_dentry->d_inode->i_nlink == 0; > > - /* If it hasn't been written to, don't write it out */ > - if (!vma->anon_vma) > + /* If it is executable and hasn't been written to, > + * don't write it out. > + */ > + if ((vma->vm_flags & VM_EXEC) && !vma->anon_vma) > return 0; > > return 1; > > -- Daniel Jacobowitz CodeSourcery - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists