This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: breakpoint assistance: single-step out of line
Jim Keniston <jkenisto@us.ibm.com> writes:
> [...]
> > Under what circumstances can a user program rewrite its own text?
>
> Frank answered:
> > After an mprotect?
> Indeed. I had to try it to believe it.
Likewise!
> [...] OK, here's my next dumb question. How do you envision a user
> process exploiting uprobes to mess up anything but itself (or its
> ptraced child) in a novel way?
I don't have a specific scenario in mind. One just needs to distrust
all the data coming from user space.
For example, the instructions being disassembled for out-of-line
single-stepping must be carefully analyzed, so it cannot hit shady
corner cases. The single-stepping must be done in minimum-privilege
state. The restoration of the instruction byte under the breakpoint
might need to assert that it is unchanged, or perhaps outright block
its attempted change somehow.
This one is an old shangri-la saw, but it may be desirable to block
visibility of the breakpoint itself, to make a systemtap session
relatively invisible.
- FChE
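The "assert that the byte under the breakpoint is unchanged" idea above, as an added example that is not systemtap or uprobes code: user text is simulated as a plain buffer, and the breakpoint opcode is assumed to be x86 int3 (0xCC). Disarming refuses to write the saved byte back if user space has already rewritten that location.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumption: x86 software breakpoint opcode (int3). */
#define BREAKPOINT_OPCODE 0xCC

enum probe_status { PROBE_OK = 0, PROBE_TAMPERED = -1, PROBE_BAD_ARGS = -2 };

/* Simulated probe bookkeeping: the byte we replaced and where it lives. */
struct probe {
    uint8_t *text;   /* simulated (constructed) user text region */
    size_t len;      /* size of that region */
    size_t offset;   /* breakpoint location within text */
    uint8_t saved;   /* original instruction byte */
    int armed;
};

/* Arm: save the original byte, then plant the breakpoint. */
int probe_arm(struct probe *p, uint8_t *text, size_t len, size_t offset)
{
    if (!p || !text || offset >= len)
        return PROBE_BAD_ARGS;
    p->text = text;
    p->len = len;
    p->offset = offset;
    p->saved = text[offset];
    text[offset] = BREAKPOINT_OPCODE;
    p->armed = 1;
    return PROBE_OK;
}

/* Disarm: restore the saved byte only if the breakpoint is still in place.
 * If user space (e.g. after an mprotect) rewrote that byte, do not clobber
 * its change with stale data; report the tampering to the caller instead. */
int probe_disarm(struct probe *p)
{
    if (!p || !p->armed)
        return PROBE_BAD_ARGS;
    p->armed = 0;
    if (p->text[p->offset] != BREAKPOINT_OPCODE)
        return PROBE_TAMPERED;   /* untrusted user data: leave it as found */
    p->text[p->offset] = p->saved;
    return PROBE_OK;
}
```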