| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Sep 2021 18:02:50 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Rustam Kovhaev <rkovhaev@...il.com>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
binutils@...rceware.org, gdb-patches@...rceware.org
Subject: Re: [RFC][PATCH] coredump: save timestamp in ELF core
On Sat, Sep 25, 2021 at 10:15:07AM -0700, Rustam Kovhaev wrote:
> Hello Alexander and linux-fsdevel@,
>
> I would like to propose saving a new note with timestamp in core file.
> I do not know whether this is a good idea or not, and I would appreciate
> your feedback.
>
> Sometimes (unfortunately) I have to review windows user-space cores in
> windbg, and there is one feature I would like to have in gdb.
> In windbg there is a .time command that prints timestamp when core was
> taken.
>
> This might sound like a fixed problem, kernel's core_pattern can have
> %t, and there are user-space daemons that write timestamp in the
> report/journal file (apport/systemd-coredump), and sometimes it is
> possible to correctly guess timestamp from btime/mtime file attribute,
> and all of the above does indeed solve the problem most of the time.
>
> But quite often, especially while researching hangs and not crashes,
> when dump is written by gdb/gcore, I get only core.PID file and some
> application log for research and there is no way to figure out when
> exactly the core was taken.
>
> I have posted a RFC patch to gdb-patches too [1] and I am copying
> gdb-patches@ and binutils@ on this RFC.
> Thank you!
IDGI. What's wrong with the usual way of finding the creation date of any
given file, including the coredump one?
Powered by blists - more mailing lists