Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 02 Nov 2016 16:10:30 +0000
From: Adam Sampson <ats@...og.org>
To: kernel-hardening@...ts.openwall.com
Subject: Re: Legitimate use of /proc/PID/mem,maps and smaps

Marian Marinov <mm-l@...u.biz> writes:

> Are there any other legitimate users of these files, maybe X?

This is the kind of question that Debian Code Search is useful for
(although it's not exhaustive):
https://codesearch.debian.net/search?q=%2Fproc%2Fself%2Fmem&perpkg=1
https://codesearch.debian.net/search?q=%2Fproc%2Fself%2Fmaps&perpkg=1
https://codesearch.debian.net/search?q=%2Fproc%2Fself%2Fsmaps&perpkg=1

>From my bug-hunting experience, programs use /proc/self/maps for all
sorts of weird things -- e.g. working out the full path of the
executable, or what version of a shared library they've been linked
against, or guessing whether some random value is a valid pointer. Many
have embedded copies of code from gettext or BinReloc that uses it.

On the other hand, many of these don't actually need all the information
in /proc/self/maps, so you could get away with a simplified version that
only had valid filenames.

-- 
Adam Sampson <ats@...og.org>                         <http://offog.org/>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.