Dear Michael, I found a documentation deficiency on [1] in /proc/<pid>/stat file (Table 1-4). May I ask you to indicate in this table that ESP and EIP have non-zero values only when the process is exiting or dumping core and the calling process has the permission for PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT. For implementation reference see [2]. Please, also note that for many of the reported numbers in this table the aforementioned permissions are needed to be displayed correctly (as non- zeroes). They are start_code, end_code, start_stack, esp, eip, wchan, start_data, end_data, start_brk, arg_start, arg_end, env_start, env_end, and exit_code. A small addition: I also observed that on [3] the "blog" points to 404. Thank you and all the best, Ákos [1]: https://www.kernel.org/doc/html/latest/filesystems/proc.html [2]: https://github.com/torvalds/linux/blob/master/fs/proc/array.c#L481-L502 [3]: https://www.kernel.org/doc/man-pages/maintaining.html
Attachment:
signature.asc
Description: This is a digitally signed message part.
