From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pavel Machek <pavel@ucw.cz>
Subject: Re: [FYI] tux3: Core changes
Date: Wed, 27 May 2015 23:37:15 +0200
Message-ID: <20150527213715.GA15721@amd>
References: <8f886f13-6550-4322-95be-93244ae61045@phunq.net>
 <55545C2F.8040207@phunq.net>
 <55549C2F.6000103@redhat.com>
 <5555388F.5010909@phunq.net>
 <555562AE.9020204@redhat.com>
 <5555BE99.1030803@phunq.net>
 <20150527074137.GA1254@amd>
 <29109394-30ee-48be-b2e9-dd26e5aa9e28@phunq.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Rik van Riel <riel@redhat.com>, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, tux3@tux3.org,
	OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>, mgorman@suse.de,
	Andrea Arcangeli <aarcange@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>
To: Daniel Phillips <daniel@phunq.net>
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <29109394-30ee-48be-b2e9-dd26e5aa9e28@phunq.net>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Wed 2015-05-27 11:09:25, Daniel Phillips wrote:
> On Wednesday, May 27, 2015 12:41:37 AM PDT, Pavel Machek wrote:
> >On Fri 2015-05-15 02:38:33, Daniel Phillips wrote:
> >>On 05/14/2015 08:06 PM, Rik van Riel wrote: ...
> >
> >Umm. Why do you think it is only issue for executable files?
> 
> I meant: files with code in them, that will be executed. Please excuse
> me for colliding with the chmod sense. I will say "code files" to avoid
> ambiguity.
> 
> >I'm free to mmap() any file, and then execute from it.
> >
> >/lib/ld-linux.so /path/to/binary
> >
> >is known way to exec programs that do not have x bit set.
> 
> So... why would I write to a code file at the same time as stepping
> through it with ptrace? Should I expect ptrace to work perfectly if
> I do that? What would "work perfectly" mean, if the code is changing
> at the same time as being traced?

Do you have any imagination at all?

Reasons I should expect ptrace to work perfectly if I'm writing to
file:

1) it used to work before

2) it used to work before

3) it used to work before and regressions are not allowed

4) some kind of just in time compiler

5) some kind of malware, playing tricks so that you have trouble
analyzing it

and of course,

6) it used to work before.

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html