[CRIU] [PATCH 1/3] prctl: reduce permissions to change boundaries of data, brk and stack
Eric W. Biederman
ebiederm at xmission.com
Sat Feb 15 15:05:43 PST 2014
Andrey Wagin <avagin at gmail.com> writes:
> 2014-02-14 23:16 GMT+04:00 Eric W. Biederman <ebiederm at xmission.com>:
>>
>> Hmm. Let me rewind this a little bit.
>>
>> I want to be very stupid and ask the following.
>>
>> Why can't you have the process of interest do:
>> ptrace(PTRACE_ATTACHME);
>> execve(executable, args, ...);
>>
>> /* Have the ptracer inject the recovery/fixup code */
>> /* Fix up the mostly correct process to look like it has been
>> * executing for a while.
>> */
>>
>> That should work, set all of the interesting fields, and works as
>> non-root today. My gut feel says do that and we can just
>> deprecate/remove prctl_set_mm.
>
> start_brk and start_stack are randomized each time. I don't understand
> how execve() can restore the origin values of attributes.
As is the location of the vdso and there isn't a way to set that.
So perhaps what we want to do is to change the randomization with
mremap(old_addr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, new_addr)
and just have the kernel update all of the addresses in bulk when we
move the location.
I don't know what the folks who are worried about losing tampering
evidence will think but as a targeted special case it may not be at all
crazy.
Eric
More information about the CRIU
mailing list