copy-on-write text pages when forking

fluca1978

Aspiring Daemon


Hi all,
if I get it right, when a fork is performed the pages that contain text code are cloned using a copy-on-write technique, and the reason is that if a debugger is running attached to the cloned process, the text can be modified without affecting the parent of the process.
Now, I have no idea of what happens when a debugger runs, but I thought that the text area was never ever modifiable under any circumstance, and the above seems to destroy my belief. Can anyone explain better what happens in such a case?
Thanks
 

trasz@

Active Member
Developer


After fork, all of the pages (except for shared memory, either SysV or POSIX) are copy-on-write. The debugger uses ptrace(2) to write to the address space of the debugged process. Since it's COW, other processes are not affected.
 

fluca1978

Aspiring Daemon


Fine, searching a bit more I found that ptrace has flags to indicate the need to write instruction words and data. But this means that the text area is modifiable while the process is running. Even if this is a special case (debugging applications), isn't this a problem with security?
 

xibo

Well-Known Member


You can only attach to a process running with your user ID.
 

trasz@

Active Member
Developer


Unless you're root. And of course there are additional restrictions due to jails (you cannot attach to a process with your UID running inside some other jail) and MAC.
 