From owner-freebsd-bugs@FreeBSD.ORG Fri Apr 30 02:10:01 2010
Return-Path:
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B3D0F1065670 for ; Fri, 30 Apr 2010 02:10:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 917928FC13 for ; Fri, 30 Apr 2010 02:10:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o3U2A1Ft039933 for ; Fri, 30 Apr 2010 02:10:01 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o3U2A1qK039932; Fri, 30 Apr 2010 02:10:01 GMT (envelope-from gnats)
Resent-Date: Fri, 30 Apr 2010 02:10:01 GMT
Resent-Message-Id: <201004300210.o3U2A1qK039932@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Gunnar Hinriksson
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3F50D106564A for ; Fri, 30 Apr 2010 02:04:49 +0000 (UTC) (envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33]) by mx1.freebsd.org (Postfix) with ESMTP id 2E5198FC08 for ; Fri, 30 Apr 2010 02:04:49 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o3U24nrf044087 for ; Fri, 30 Apr 2010 02:04:49 GMT (envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o3U24mj9044086; Fri, 30 Apr 2010 02:04:48 GMT (envelope-from nobody)
Message-Id: <201004300204.o3U24mj9044086@www.freebsd.org>
Date: Fri, 30 Apr 2010 02:04:48 GMT
From: Gunnar Hinriksson
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc:
Subject: kern/146167: ptrace PT_DETACH undocumented behavior
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 30 Apr 2010 02:10:01 -0000

>Number:         146167
>Category:       kern
>Synopsis:       ptrace PT_DETACH undocumented behavior
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 30 02:10:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Gunnar Hinriksson
>Release:        8.0-RELEASE-p2
>Organization:
>Environment:
FreeBSD knut 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Apr 27 04:36:16 UTC 2010 gunnar@knut:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
When using PT_DETACH on ptrace, the (caddr_t addr) parameter is not ignored as the documentation suggests. Instead it proceeds to change the execution address to the value of the parameter if it is not (void *)1. This can cause portability problems for programs from other systems that implement ptrace and assume that the parameter is ignored.
>How-To-Repeat:
Write a program that uses ptrace to attach to another process and then detach with the parameter (caddr_t addr) value not equal to 1. This can cause the child process to segfault.
>Fix:
Attached patch.

Patch attached with submission follows:

--- /usr/src/sys/kern/sys_process.c 2009-10-25 01:10:29.000000000 +0000
+++ sys_process.c 2010-04-30 01:32:52.507274805 +0000
@@ -741,10 +741,13 @@ break; } - if (addr != (void *)1) { - error = ptrace_set_pc(td2, (u_long)(uintfptr_t)addr); - if (error) - break; + if (req == PT_CONTINUE) + { + if (addr != (void *)1) { + error = ptrace_set_pc(td2, (u_long)(uintfptr_t)addr); + if (error) + break; + } } if (req == PT_DETACH) { >Release-Note: >Audit-Trail: >Unformatted:
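Review bot: gating the ptrace_set_pc() call on `req == PT_CONTINUE` switches off addr handling for every request that reaches this shared block, not only PT_DETACH; the `if (req == PT_DETACH) {` context right after the hunk shows the block serves more than one request, so any other request falling through this case would silently lose its addr argument. If the intent is only that PT_DETACH ignore addr, test for that request instead and fold the two conditions into one, e.g. `if (req != PT_DETACH && addr != (void *)1) {`, which also removes the extra nesting level. Style(9) point: the opening brace after `if (req == PT_CONTINUE)` should sit on the same line as the `if`, not on its own line. Whichever form is taken, ptrace(2) should be updated in the same change so the documented meaning of addr for PT_DETACH matches what the kernel does.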
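The portable way to detach, given the behavior described in this report, is to pass the value ptrace(2) documents as "resume where the process stopped", (caddr_t)1, rather than NULL or 0. The program below is an added example written for this page; it is not code from the PR or from the FreeBSD tree. It forks a child that sleeps and then exits 42, attaches to it with PT_ATTACH, waits for the resulting stop, and detaches with whatever addr the caller supplies, reporting how the child ended. The PT_DATA macro is a hypothetical shim so the same source builds against both FreeBSD's `int data` and glibc's `void *data` prototypes; the sleeping child is a constructed stand-in for a real tracee.

```c
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

/*
 * FreeBSD's ptrace(2) takes an int "data" argument; glibc's takes void *.
 * Hypothetical shim (not part of any project) so this file compiles on both.
 */
#ifdef __FreeBSD__
#define PT_DATA(x) (x)
#else
#define PT_DATA(x) ((void *)(long)(x))
#endif

static int reap_after_error(pid_t pid)
{
    int st;
    kill(pid, SIGKILL);
    waitpid(pid, &st, 0);
    return -1;
}

/*
 * Fork a child that exits with status 42, attach to it, then detach using
 * detach_addr as ptrace(2)'s addr argument.  Returns the child's exit status
 * (>= 0) if it exited normally, the negated signal number if a signal killed
 * it, or -1 if tracing failed.  On an unpatched FreeBSD 8.0 kernel, any
 * detach_addr other than (caddr_t)1 is written into the child's program
 * counter, which is the bug this PR reports.
 */
int attach_then_detach(void *detach_addr)
{
    int st;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child (constructed tracee): give the parent time to attach. */
        sleep(1);
        _exit(42);
    }

    if (ptrace(PT_ATTACH, pid, NULL, PT_DATA(0)) == -1) {
        perror("PT_ATTACH");
        return reap_after_error(pid);
    }
    /* PT_ATTACH stops the tracee with SIGSTOP; collect that stop first. */
    if (waitpid(pid, &st, 0) != pid || !WIFSTOPPED(st))
        return reap_after_error(pid);

    /* data = 0: resume without delivering a signal. */
    if (ptrace(PT_DETACH, pid, detach_addr, PT_DATA(0)) == -1) {
        perror("PT_DETACH");
        return reap_after_error(pid);
    }

    if (waitpid(pid, &st, 0) != pid)
        return -1;
    if (WIFEXITED(st))
        return WEXITSTATUS(st);
    if (WIFSIGNALED(st))
        return -WTERMSIG(st);
    return -1;
}

int main(void)
{
    /* (caddr_t)1 is the only addr that is safe for PT_DETACH on every
     * ptrace implementation, including the FreeBSD 8.0 behavior reported here. */
    int r = attach_then_detach((void *)1);
    printf("PT_DETACH with addr=(caddr_t)1: child result %d\n", r);
    return r == 42 ? 0 : 1;
}
```

Calling `attach_then_detach(NULL)` instead reproduces the report's How-To-Repeat on an unpatched 8.0 kernel: the detach rewrites the program counter to 0 and the function returns `-SIGSEGV` rather than 42, which is why the example only ever detaches with `(void *)1` by default.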