| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201105180240.56754.vda.linux@googlemail.com> Date: Wed, 18 May 2011 02:40:56 +0200 From: Denys Vlasenko <vda.linux@...glemail.com> To: Tejun Heo <tj@...nel.org> Cc: oleg@...hat.com, jan.kratochvil@...hat.com, linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org, indan@....nu, bdonlan@...il.com Subject: Re: [PATCH 03/10] ptrace: implement PTRACE_SEIZE On Monday 16 May 2011 20:17, Tejun Heo wrote: > PTRACE_ATTACH implicitly issues SIGSTOP on attach which has side > effects on tracee signal and job control states. This patch > implements a new ptrace request PTRACE_SEIZE which attaches and traps > tracee without affecting its signal and job control states. > > The usage is the same with PTRACE_ATTACH but it takes PTRACE_SEIZE_* > flags in @data. Currently, the only defined flag is > PTRACE_SEIZE_DEVEL which is a temporary flag to enable PTRACE_SEIZE. > PTRACE_SEIZE will change ptrace behaviors outside of attach itself. > The changes will be implemented gradually and the DEVEL flag is to > prevent programs which expect full SEIZE behavior from using it before > all the behavior modifications are complete while allowing unit > testing. The flag will be removed once SEIZE behaviors are completely > implemented. > > After PTRACE_SEIZE, tracee will trap. Which trap will happen isn't > fixed. If other trap conditions exist (e.g. signal delivery), they > might be taken; otherwise, a trap with exit_code == (SIGTRAP | > PTRACE_EVENT_STOP << 8) is taken. If seized, this trap is also used > for group stop traps instead of exit_code == 0 with NULL GETSIGINFO. > > * PTRACE_SEIZE doesn't affect signal or group stop state. > > * After PTRACE_SEIZE, one trap will happen which might be a > PTRACE_EVENT_STOP trap. > > * If PTRACE_SEIZE'd, group stop also uses PTRACE_EVENT_STOP trap which > uses exit_code of (SIGTRAP | PTRACE_EVENT_STOP << 8) instead of the > stopping signal number and returns usual trap siginfo on > PTRACE_GETSIGINFO instead of NULL. > > Note that there currently is no way to find out the stopping signal > number while seized. This will be improved by future patches. > > Seizing sets PT_SEIZED in ->ptrace of the tracee. This flag will be > used to determine whether new SEIZE behaviors should be enabled. This makes PTRACE_EVENT_STOP similar to other PTRACE_EVENTs. The only difference is that it can't be set by PTRACE_SETOPTIONS as other events do, but activated implicitly by PTRACE_SEIZE. This made me thinking. How about making API even more similar to existing one? Create PTRACE_O_TRACESTOP, make it settable by PTRACE_SETOPTIONS too. Make PTRACE_SEIZE take the mask of PTRACE_O_xyz flags as data argument. If PTRACE_O_TRACESTOP is set, it works as you described above. If PTRACE_O_TRACESTOP is not set, then it works as good old PTRACE_ATTACH. In both cases, immediately at attach it sets opts a-la PTRACE_SETOPTIONS. We can even avoid introducing PTRACE_SEIZE at all, because currently PTRACE_ATTACH ignores its data argument. I know, I know, "this changes API", but did we ever promise that PTRACE_ATTACH with nonzero data arg is a valid usage? Also, I perused first 10 pages of google code search results and I see that everybody passes 0 or NULL. -- vda -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists