mmap(0,,,MAP_FIXED,,) is *useful*

Posted Jul 17, 2009 17:41 UTC (Fri) by jreiser (subscriber, #11027)
In reply to: Linux 2.6.30 exploit posted by iabervon
Parent article: Linux 2.6.30 exploit posted

For over thirty years I have been using mmap(0,,,MAP_FIXED,,) to implement fraid, a file debugger. Invoke gdb on fraid, run with the name of the target file. fraid does open+fstat+mmap(0,.st_size,,MAP_FIXED,fd,0); then traps into gdb. That's the whole program: a dozen lines. The identity mapping from offset in the file to address in the address space of the debugger is exceedingly powerful. This is not something to give up, ever.
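
An added example, not jreiser's fraid and not code from the thread: the open+fstat+mmap(0, st_size, ..., MAP_FIXED, fd, 0) sequence the comment describes, plus the step a current kernel forces on it, since vm.mmap_min_addr (default 65536) refuses a page-zero mapping to an unprivileged process and the tool must fall back to a kernel-chosen address. The names map_file_identity and self_check are assumed, the sample file is constructed, and the final trap into gdb is left out so the code runs stand-alone.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

struct file_map { void *base; size_t len; int at_zero; };

/* fraid's identity mapping (file offset == address). With vm.mmap_min_addr
 * > 0 an unprivileged MAP_FIXED request at address 0 fails (EPERM); we then
 * fall back to a kernel-chosen address and record in at_zero which case
 * happened. Returns 0 on success, -1 on failure. Assumed helper name. */
int map_file_identity(const char *path, struct file_map *fm)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || st.st_size == 0) { close(fd); return -1; }
    fm->len = (size_t)st.st_size;
    /* A mapping granted at address 0 is returned as NULL, so the only
     * correct failure test is MAP_FAILED; a NULL check would misreport it. */
    void *p = mmap((void *)0, fm->len, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0);
    fm->at_zero = (p != MAP_FAILED);
    if (p == MAP_FAILED)          /* refused (mmap_min_addr): let the kernel pick */
        p = mmap(NULL, fm->len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);                    /* the mapping outlives the descriptor */
    if (p == MAP_FAILED) return -1;
    fm->base = p;
    return 0;
}

/* Write a constructed sample file, map it, and check that its bytes are
 * visible through the mapping. Returns 1 when consistent, 0 otherwise. */
int self_check(void)
{
    static const char data[] = "constructed sample, not a real target\n";
    char path[] = "/tmp/fraid_demo_XXXXXX";
    struct file_map fm;
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, data, sizeof data) != (ssize_t)sizeof data) return 0;
    close(fd);
    int ok = map_file_identity(path, &fm) == 0 && fm.len == sizeof data
          && (fm.at_zero ? fm.base == NULL : fm.base != NULL)
          && memcmp(fm.base, data, sizeof data) == 0;
    if (ok) munmap(fm.base, fm.len);
    unlink(path);
    return ok;
}
```

On a default kernel self_check() maps the file at a kernel-chosen address with at_zero == 0; only a process allowed below mmap_min_addr gets the true identity mapping the comment relies on.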

mmap(0,,,MAP_FIXED,,) is *useful*

Posted Jul 17, 2009 18:15 UTC (Fri) by quotemstr (subscriber, #45331)

I don't understand -- how is a "file debugger" useful?

mmap(0,,,MAP_FIXED,,) is *useful*

Posted Jul 17, 2009 18:32 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)

Limit it to running only root, then. Or add a special capability.

when all you have is a hammer

Posted Jul 17, 2009 19:34 UTC (Fri) by xorbe (subscriber, #3165)

um seriously, using GDB to examine a binary file is just the wrong tool ... clever, but wrong!

mmap(0,,,MAP_FIXED,,) is *useful*

Posted Jul 17, 2009 19:39 UTC (Fri) by iabervon (subscriber, #722)

It's not the address space of the debugger, it's the process being debugged, right? So you wouldn't actually have any code running while the processor has a mapping in the TLB at address zero, because fraid is stopped and gdb is probing it indirectly. So you wouldn't care if any process which has a mapping at address zero has lousy performance on return from interrupt or system call.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds