Date:	Mon, 23 May 2011 14:10:11 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Denys Vlasenko <vda.linux@...glemail.com>
Cc:	Tejun Heo <tj@...nel.org>, jan.kratochvil@...hat.com,
	linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org, indan@....nu
Subject: Re: Ptrace documentation, draft #1

On 05/20, Denys Vlasenko wrote:
>
> On Thu, May 19, 2011 at 9:49 PM, Oleg Nesterov <oleg@...hat.com> wrote:
> > Once again, PTRACE_KILL == ptrace(PTRACE_CONT, SIGKILL), except it
> > doesn't return the error if the tracee is not stopped.
>
> Oleg, this doesn't explain the resulting behavior in terms understandable
> to mere mortals. *What will happen* when user does ptrace(PTRACE_KILL)?
>
> Yes, it's obvious that the tracee gets SIGKILLed,

No, it is not necessarily killed. Once again, it is equivalent to PTRACE_CONT
except it returns 0 (but does nothing) if the tracee is not stopped.

"does nothing" is not 100% true, it does wake_up_process() but this shouldn't
be documented, this should be fixed.

> >> >> ??? can this SIGTRAP be distinguished from "real" user-generated SIGTRAP
> >> >>     by looking at its siginfo?
> >> >
> >> > Afaics no. Well, except .si_pid shows that the signal was sent by the
> >> > tracing process to itself.
> >>
> >> What about si_code? Is it set to SI_KERNEL for this signal?
> >
> > No, SI_USER.
>
> This is stupid. This signal is sent by kernel. Why is it flagged as "from user"?
> Maybe we should change it?

Well, maybe... I dunno actually. Hmm. On second thought you are probably
right. ptrace_report_syscall() does send_sig() too, but it sets SI_KERNEL.
I am starting to think, at least they should use the same si_code.

> (BTW, where is it generated in the kernel source? I found
> PTRACE_EVENT_EXEC generation, but failed to find
> "old-school SIGTRAP" generation code...)

tracehook_report_exec()->send_sig(SIGTRAP).

Oleg.
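
The exec-time SIGTRAP discussed in this message, as an added example that is not part of the original mail or of the kernel source: a tracer reads the stop's siginfo with PTRACE_GETSIGINFO to see which si_code and si_pid the kernel filled in. It assumes Linux, a child traced via PTRACE_TRACEME with no PTRACE_O_TRACEEXEC option set, and /bin/true as the program to exec; exec_trap_siginfo is a hypothetical helper name.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: exec /bin/true (assumed path) in a PTRACE_TRACEME child
 * with no PTRACE_O_TRACEEXEC set, and capture the siginfo of its first stop.
 * Returns the stop signal, or -1 if the child never stopped. */
int exec_trap_siginfo(siginfo_t *si, pid_t *child)
{
    int status, sig = -1;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(126);
        execl("/bin/true", "true", (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    *child = pid;
    memset(si, 0, sizeof(*si));
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return -1;                       /* child exited and is already reaped */
    if (ptrace(PTRACE_GETSIGINFO, pid, NULL, si) == 0)
        sig = WSTOPSIG(status);
    kill(pid, SIGKILL);                  /* SIGKILL works on a stopped tracee */
    waitpid(pid, &status, 0);
    return sig;
}

int main(void)
{
    siginfo_t si;
    pid_t child = 0;
    int sig = exec_trap_siginfo(&si, &child);
    if (sig < 0) {
        fprintf(stderr, "tracee did not stop\n");
        return 1;
    }
    printf("stop signal %d, si_code %d (SI_USER is %d), si_pid %d, tracee pid %d\n",
           sig, si.si_code, SI_USER, (int)si.si_pid, (int)child);
    return 0;
}
```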
