Yes, this is a problem if you're trying to be secure. Anything that allows
memory contents to change while a process is stopped is trouble. There was a
thread about mapping a timeofday counter into every process to speed up
gettimeofday--this would also cause problems.
What to do? You could keep an eye on what is mapped and abort (or warn the
user) when a syscall is potentially accessing "volatile" memory. In order to
do this, though, you have to know the memory access patterns of every syscall,
reputed to be a quagmire for ioctl calls.
Another thing you could do would be to have a ptrace command to lock all
shared memory (other processes accessing those pages would suspend as if they
were paged out). There are lots of openings for deadlock and denial of
service here, though. For memory that is only shared between a set of
processes that are under the tracer's control, this could be faked without a
kernel change.
A very radical approach would be to copy all syscall arguments to a safe place
accessible only by the kernel and ptrace calls. Nice but slow, and unlikely
to be adopted.
One subtle problem with eliminating the problem race is that it potentially
provides a method for the program to discover that it is being traced ("No
races? I must be being traced."). Ideally there would be no way for the
program to tell.
--Mike
-- Any sufficiently adverse technology is indistinguishable from Microsoft.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/