Re: [PATCH] ptrace.2: BUGS: may set errno to zero

On 6/22/18 5:44 PM, Jann Horn wrote:
> ptrace() with requests PTRACE_PEEKTEXT, PTRACE_PEEKDATA and
> PTRACE_PEEKUSER can set errno to zero. AFAICS this is for a good reason (so
> that you can tell the difference between a successful PEEK with a result of
> -1 and a failed PEEK, even if you forget to clear errno yourself), but it
> technically violates the rules described in the errno.3 manpage.

Hello Jann.

Thanks. Patch applied. Thanks for the very complete commit message!

Cheers,

Michael

> 
> glibc snippet from sysdeps/unix/sysv/linux/ptrace.c:
> 
>   res = INLINE_SYSCALL (ptrace, 4, request, pid, addr, data);
>   if (res >= 0 && request > 0 && request < 4)
>     {
>       __set_errno (0);
>       return ret;
>     }
> 
> reproducer:
> 
> 
> $ cat ptrace_test.c
> #define _GNU_SOURCE
> #include <stdio.h>
> #include <err.h>
> #include <sys/wait.h>
> #include <sys/ptrace.h>
> #include <unistd.h>
> #include <errno.h>
> #include <sys/prctl.h>
> #include <signal.h>
> char foobar_data[4] = "ABCD";
> int main(void) {
>   pid_t child = fork();
>   if (child == -1) err(1, "fork");
>   if (child == 0) {
>     if (prctl(PR_SET_PDEATHSIG, SIGKILL)) err(1, "prctl");
>     while (1) sleep(1);
>   }
>   int status;
>   if (ptrace(PTRACE_ATTACH, child, NULL, NULL)) err(1, "attach");
>   if (waitpid(child, &status, 0) != child) err(1, "wait");
>   errno = EINVAL;
>   unsigned int res = ptrace(PTRACE_PEEKDATA, child, foobar_data, NULL);
>   printf("errno after PEEKDATA: %d\n", errno);
>   printf("PEEKDATA result: 0x%x\n", res);
> }
> $ gcc -o ptrace_test ptrace_test.c -Wall
> $ ./ptrace_test
> errno after PEEKDATA: 0
> PEEKDATA result: 0x44434241
> 
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
> ---
>  man2/ptrace.2 | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/man2/ptrace.2 b/man2/ptrace.2
> index aea63d2d6..53d75c570 100644
> --- a/man2/ptrace.2
> +++ b/man2/ptrace.2
> @@ -2777,6 +2777,12 @@ again.
>  errors may behave in an unintended way upon an
>  .BR strace (1)
>  attach.)
> +.PP
> +Contrary to the normal rules, the glibc wrapper for
> +.BR ptrace ()
> +can set
> +.I errno
> +to zero.
>  .SH SEE ALSO
>  .BR gdb (1),
>  .BR ltrace (1),
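Review bot: the added BUGS paragraph does not say which requests are affected or what a caller should do about it; per the commit message the errno reset happens only for PTRACE_PEEKTEXT, PTRACE_PEEKDATA and PTRACE_PEEKUSER, and it exists so that a successful PEEK returning -1 can be told apart from a failed one. Consider naming those three requests (e.g. ".BR PTRACE_PEEKTEXT ," on their own lines in the existing .BR style) and adding that callers should clear errno before such a call and test it afterwards, since the bare return value is ambiguous.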
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
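The errno idiom the commit message alludes to, as an added C example that is not part of Jann's patch or the man page: `peek_word` and `read_child_word` are hypothetical helper names, and the child's word is constructed to be -1 so that a caller who tests only the return value would misread a successful read as a failure.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed tracee data: a word equal to -1, so a bare "res == -1" test
 * would misreport a successful PEEK as a failure. */
static long minus_one_word = -1;

/* Read one word of tracee memory: clear errno (glibc zeroes it for PEEK
 * requests anyway, but don't rely on that), call, and treat -1 as an error
 * only if errno is now nonzero. Returns 0 with *out set, or -1 with errno. */
int peek_word(pid_t pid, const void *addr, long *out)
{
    errno = 0;
    long res = ptrace(PTRACE_PEEKDATA, pid, (void *)addr, NULL);
    if (res == -1 && errno != 0)
        return -1;       /* real failure: ESRCH, EIO, EPERM, ... */
    *out = res;          /* a -1 here is genuine data, not an error */
    return 0;
}

/* Fork a child, attach, and read minus_one_word from the child's copy of
 * this program. Returns 0 with *out filled, or -1 if ptrace is unavailable
 * (e.g. restricted by Yama ptrace_scope or seccomp). */
int read_child_word(long *out)
{
    pid_t child = fork();
    if (child == -1) return -1;
    if (child == 0) {
        prctl(PR_SET_PDEATHSIG, SIGKILL);   /* don't outlive the parent */
        for (;;) pause();
    }
    int status, rc = -1;
    if (ptrace(PTRACE_ATTACH, child, NULL, NULL) == 0 &&
        waitpid(child, &status, 0) == child && WIFSTOPPED(status))
        rc = peek_word(child, &minus_one_word, out);
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    return rc;
}

int main(void)
{
    long w;
    if (read_child_word(&w) == 0)
        printf("word = %ld, reported as success by the errno check\n", w);
    else
        perror("read_child_word");
    return 0;
}
```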
