lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAK1hOcOdqvSDkR18FQzvP27jsFjH3Hu9ftQDM26Vo-sFkTjhFQ@mail.gmail.com>
Date:	Thu, 1 Mar 2012 20:02:33 +0100
From:	Denys Vlasenko <vda.linux@...glemail.com>
To:	Tim Bird <tim.bird@...sony.com>
Cc:	Andi Kleen <andi@...stfloor.org>, Oleg Nesterov <oleg@...hat.com>,
	linux kernel <linux-kernel@...r.kernel.org>, tj@...nel.org
Subject: Re: Questions about ptrace on a dying process

On Thu, Mar 1, 2012 at 7:30 PM, Tim Bird <tim.bird@...sony.com> wrote:
>>> Yeah - I may be doing something new here.  Android uses ptrace
>>> in debuggerd, which is their crash reporting tool, but they wake
>>> it up with signals before the dying program goes into coredump.
>>
>> I think ptrace API does not provide guarantees that it is possible
>> to attach to the process when it coredumps.
>>
>> It might work in current kernels, but might break in new ones.
>
> If it's not too much trouble, it would be nice to continue
> this behaviour.   Admittedly, my style of crash handling appears
> to be new, and I don't want to unnecessarily burden the code,
> but so far it works really well, and currently requires very
> minimal change to the existing ptrace code.  One thing that's
> nice about what I'm doing, is that I don't rely on the
> whole signal state machine of the process to interact with it
> (since a dying process can't respond correctly).
>
> So hopefully, continuing to support ptrace for a dying process
> won't interfere or burden the existing (rather complex)
> state processing in the current code.
>
> Just for reference, below is the patch I settled on for my own kernel.

You added yet another quirk to ptrace API - and this API
already has no shortage of quirks.
Of course you can maintain it for your kernel, but
adding it in mainline is a bizarre proposition.

I'm not even sure that _if_ PTRACE_SEIZE with PTRACE_O_TRACEEXIT
option works on semi-dead core-dumping process today without
patching, it is guaranteed to do so in the future.


> I'm planning taking a look at the PTRACE_SEIZE code to see if it
> accomplishes what I need, but haven't done that yet.
>
> I do have a question, though - how will a tracer know that it can
> use PTRACE_SEIZE?

By looking at kernel version.

-- 
vda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ