Subject: kern/26804: PT_COREDUMP is totally horked
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <email@example.com>
Date: 08/29/2004 15:34:04
>Synopsis: PT_COREDUMP is totally horked
>Arrival-Date: Sun Aug 29 22:34:00 UTC 2004
>Originator: Jason R Thorpe
>Release: NetBSD 2.0G
-- Jason R. Thorpe <firstname.lastname@example.org>
>Environment:
System: NetBSD yeah-baby.shagadelic.org 2.0G NetBSD 2.0G (YEAH-BABY-XP) #26: Thu Jul 15 08:26:49 PDT 2004 email@example.com:/u1/netbsd/src/sys/arch/i386/compile/YEAH-BABY-XP i386
>Description:
PT_COREDUMP is implemented in the most naive way possible,
and gets it totally wrong as a result.
The root of all of its problems revolves around the fact that
the target process isn't actually suspended before the core
dump is taken. This means that the process can modify its
address space / VM map while the core dump is being performed,
risking an inconsistent dump or a kernel panic.
>How-To-Repeat:
Observe how PT_DUMPCORE does not require P_TRACED to be set.
>Fix:
Not provided. A good first step might be to require that the
target process be PT_ATTACHed before PT_DUMPCORE is allowed.
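The following is an added example, not part of the PR and not NetBSD kernel code: a small userland model of the per-request checks in ptrace(2) that the report says PT_DUMPCORE skips (target must be traced, traced by the caller, and currently stopped), with a switch that reproduces the reported behaviour or applies the suggested fix. The struct, flag values, request numbers and scenario helpers are simplified stand-ins assumed for the model.

```c
/*
 * Added example: userland model of the ptrace(2) target checks that the
 * report says PT_DUMPCORE skips.  Not NetBSD kernel code; the struct, the
 * flag values and the request numbers are simplified stand-ins (assumed).
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* ptrace request numbers: assumed values, used only as tags here. */
enum ptrace_req { PT_TRACE_ME = 0, PT_CONTINUE = 7, PT_ATTACH = 9,
                  PT_DETACH = 10, PT_DUMPCORE = 12 };

#define P_TRACED 0x0800   /* "process is being traced" (assumed value) */
#define SACTIVE  2        /* process is runnable/running (assumed value) */
#define SSTOP    4        /* process is stopped (assumed value) */

struct proc {
    pid_t        p_pid;
    int          p_flag;   /* P_TRACED and friends */
    int          p_stat;   /* SACTIVE or SSTOP */
    struct proc *p_pptr;   /* parent; becomes the tracer after PT_ATTACH */
};

/*
 * The three conditions applied to requests that act on an already traced
 * target: traced at all, traced by this caller, and currently stopped.
 * Returns 0 on success, EBUSY otherwise.
 */
int
ptrace_target_ok(const struct proc *tracer, const struct proc *target)
{
    if ((target->p_flag & P_TRACED) == 0)
        return EBUSY;           /* (1) not being traced at all */
    if (target->p_pptr != tracer)
        return EBUSY;           /* (2) traced, but not by us */
    if (target->p_stat != SSTOP)
        return EBUSY;           /* (3) still running: VM map may change under us */
    return 0;
}

/*
 * Per-request dispatch.  dumpcore_requires_attach == 0 reproduces the
 * reported behaviour (PT_DUMPCORE skips the checks); 1 applies the
 * suggested fix and treats it like PT_CONTINUE.
 */
int
ptrace_request_check(enum ptrace_req req, const struct proc *tracer,
    const struct proc *target, int dumpcore_requires_attach)
{
    switch (req) {
    case PT_TRACE_ME:
    case PT_ATTACH:
        return 0;               /* these establish tracing; not modelled */
    case PT_DUMPCORE:
        if (!dumpcore_requires_attach)
            return 0;           /* reported behaviour: no P_TRACED check */
        /* FALLTHROUGH */
    default:
        return ptrace_target_ok(tracer, target);
    }
}

/* Model of PT_ATTACH followed by the target taking its SIGSTOP. */
void
model_attach_and_stop(struct proc *tracer, struct proc *target)
{
    target->p_flag |= P_TRACED;
    target->p_pptr = tracer;
    target->p_stat = SSTOP;
}

static struct proc mk(pid_t pid) { struct proc p = { pid, 0, SACTIVE, NULL }; return p; }

/* Untraced, running target: the case the report describes. */
int
dumpcore_on_unattached(int fixed)
{
    struct proc tracer = mk(100), target = mk(200);
    return ptrace_request_check(PT_DUMPCORE, &tracer, &target, fixed);
}

/* Proper sequence: PT_ATTACH, wait for the stop, then PT_DUMPCORE. */
int
dumpcore_after_attach(void)
{
    struct proc tracer = mk(100), target = mk(200);
    model_attach_and_stop(&tracer, &target);
    return ptrace_request_check(PT_DUMPCORE, &tracer, &target, 1);
}

/* Attached by another tracer: must be refused under the fix. */
int
dumpcore_wrong_tracer(void)
{
    struct proc tracer = mk(100), other = mk(101), target = mk(200);
    model_attach_and_stop(&other, &target);
    return ptrace_request_check(PT_DUMPCORE, &tracer, &target, 1);
}

/* Attached but resumed (PT_CONTINUE'd): must be refused under the fix. */
int
dumpcore_while_running(void)
{
    struct proc tracer = mk(100), target = mk(200);
    model_attach_and_stop(&tracer, &target);
    target.p_stat = SACTIVE;
    return ptrace_request_check(PT_DUMPCORE, &tracer, &target, 1);
}

int
main(void)
{
    printf("unattached, reported behaviour: %d\n", dumpcore_on_unattached(0));
    printf("unattached, with fix: %d (EBUSY is %d)\n", dumpcore_on_unattached(1), EBUSY);
    printf("attached and stopped, with fix: %d\n", dumpcore_after_attach());
    return 0;
}
```

The point of the model is the third check: even with P_TRACED set and the caller as tracer, a target that has been continued is back to modifying its own address space, so a dump taken then is exactly as racy as the unattached case the PR describes.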