This request returns (in 'data') the file descriptor backing the mapping that
covers a given 'addr'. This works even if the mapped file is unlinked and not
open anywhere besides this mapping.
New errors:
-BADFD if the address is an anonymous mapping
-EFAULT if the address is not mapped at all
-PERM if the LSM does not permit the receipt of this file descriptor
Note that because the original fd is returned, you can access portions of it
outside the range of the original mapping (the use case for this, involving
acquiring ELF headers for executables and shared libraries that were unlinked
after mapping, relies on this).
This does not introduce a security hole because in order for the ptraced process
to mmap any file in the first place it must have had an fd to it, and the
ptracee could have accessed the outside-original-mapping portions at that point,
or simply forced the ptraced process to send it the fd via a Unix-domain socket
and held on to it. There is no danger that an execute-only process can be read
by this mechanism either, since you cannot PTRACE_ATTACH to such a
process. (Shared libraries cannot be execute-only at all.)
PTRACE_GETMAPFD is provisionally of value 0x42A5, in the architecture-
independent addition range, out-of-the-way so as not to collide with other
additions.
Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
projects / users / jedix / linux-maple.git / commit