lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YU9kSgEmojalPybp@zeniv-ca.linux.org.uk>
Date:   Sat, 25 Sep 2021 18:02:50 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Rustam Kovhaev <rkovhaev@...il.com>
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        binutils@...rceware.org, gdb-patches@...rceware.org
Subject: Re: [RFC][PATCH] coredump: save timestamp in ELF core

On Sat, Sep 25, 2021 at 10:15:07AM -0700, Rustam Kovhaev wrote:
> Hello Alexander and linux-fsdevel@,
> 
> I would like to propose saving a new note with timestamp in core file.
> I do not know whether this is a good idea or not, and I would appreciate
> your feedback.
> 
> Sometimes (unfortunately) I have to review windows user-space cores in
> windbg, and there is one feature I would like to have in gdb.
> In windbg there is a .time command that prints timestamp when core was
> taken.
> 
> This might sound like a fixed problem, kernel's core_pattern can have
> %t, and there are user-space daemons that write timestamp in the
> report/journal file (apport/systemd-coredump), and sometimes it is
> possible to correctly guess timestamp from btime/mtime file attribute,
> and all of the above does indeed solve the problem most of the time.
> 
> But quite often, especially while researching hangs and not crashes,
> when dump is written by gdb/gcore, I get only core.PID file and some
> application log for research and there is no way to figure out when
> exactly the core was taken.
> 
> I have posted a RFC patch to gdb-patches too [1] and I am copying
> gdb-patches@ and binutils@ on this RFC.
> Thank you!

IDGI.  What's wrong with the usual way of finding the creation date of any
given file, including the coredump one?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ