| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070122100610.GC16309@elf.ucw.cz> Date: Mon, 22 Jan 2007 11:06:10 +0100 From: Pavel Machek <pavel@....cz> To: "Kawai, Hidehiro" <hidehiro.kawai.ez@...achi.com> Cc: Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org, gregkh@...e.de, james.bottomley@...eleye.com, Satoshi OSHIMA <soshima@...hat.com>, "Hideo AOKI@...hat" <haoki@...hat.com>, sugita <yumiko.sugita.yf@...achi.com>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Alan Cox <alan@...rguk.ukuu.org.uk> Subject: Re: [PATCH] binfmt_elf: core dump masking support On Mon 2007-01-22 11:29:40, Kawai, Hidehiro wrote: > Hi Pavel, > > >>>>The /proc/<pid>/ approach doesn't have these demerits, and it > >>>>has an advantage that users can change the bitmask of any process > >>>>at anytime. > >>> > >>>Well... not sure if it is advantage. > >> > >>For example, consider the following case: > >> a process forks many children and system administrator wants to > >> allow only one of these processes to dump shared memory. > >> > >>This is accomplished as follows: > >> > >> $ echo 1 > /proc/self/coremask > >> $ ./some_program > >> (fork children) > >> $ echo 0 > /proc/<a child's pid>/coremask > >> > >>With the /proc/<pid>/ interface, we don't need to modify the > >>user program. In contrast, with the ulimit or setrlimit interface, > >>the administrator can't do it without modifying the user program > >>to call setrlimit. This will not be preferred. > > > > Yep, otoh process coremask setting can change while it is running, > > that is not expected. Hmm, it can also change while it is dumping > > core, are you sure it is not racy? > > Good point, thanks. I never thought of that. > We can change the coremask setting while dumping the process's > memory, and it is problematic. > > maydump() function which decides a given VMA may be dumped or not > is invoked twice per VMAs. One is at the time of writing a program > header for a VMA, another is at the time of writing its contents. > If the coremask setting differs between the two, the program > header will point wrong place in the core file as its contents. > > > > (run echo 1 > coremask, echo 0 > coremask in a loop while dumping > > core. Do you have enough locking to make it work as expected?) > > Currently, any lock isn't acquired. But I think the kernel only > have to preserve the coremask setting in a local variable at the > begining of core dumping. I'm going to do this in the next version. No, I do not think that is enough. At minimum, you'd need atomic_t variable. But I'd recomend against it. Playing with locking is tricky. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists