On 1/27/06, Mulyadi Santosa <a_mulyadi@xxxxxxxxxx> wrote:
Thanks Mulyadi for pointing us to this case .. I thought it was impossible.
Check ptrace_writedata for example:
http://lxr.linux.no/source/kernel/ptrace.c#L267
It's really simple .. it copies data from user space, then writes it to the destination process using the function "access_process_vm" at:
http://lxr.linux.no/source/kernel/ptrace.c#L194
which gets the user page ("get_user_pages") and writes the data to it.
But what I was looking for .. where is the check done that the caller has the necessary access rights? Is it possible for me to write code that gets pages of some process and writes arbitrary data to them !! Impossible .. can you point me to what condition must hold so I can get some page for write access "or read access"?
Thanks in advance
MHD.Tayseer
Dear Fawaad, Sarith...
> I am considering you are talking about user space
> applications/process ! AFAIK you can't access RAM content outside the
> process address space (user space processes). You can
> communicate/transfer data from one process/program to another through
> IPC mechanisms but can't access one process directly from other
> process. (CMIIW)
How about studying ptrace() usage? See "man ptrace" and look at
PTRACE_PEEKTEXT, PTRACE_PEEKDATA, PTRACE_PEEKUSR,
PTRACE_POKETEXT, PTRACE_POKEDATA, PTRACE_POKEUSR.
> By specifying the O_DIRECT flag (I think while opening the file), you
> actually tell the kernel to do direct IO, hence bypassing the buffer cache
> .....
or, without using any libc API, try "man raw". Thanks to EricB and Rene
Hermant on the #kernelnewbies IRC forum for showing me that.
regards
Mulyadi
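As an added example (not code from this thread), here is the PTRACE_PEEKDATA / PTRACE_POKEDATA usage that "man ptrace" describes: a forked child volunteers to be traced with PTRACE_TRACEME, which is the path through the kernel's ptrace permission check, and the parent reads and then overwrites one word in the child's address space. The function name, the global `shared_word` and the -1/-2 return codes are this example's own conventions.

```c
#include <errno.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lives at the same virtual address in parent and child after fork(). */
static volatile long shared_word = 0x1111;

/* Reads shared_word out of a stopped child, overwrites it with new_value and
 * lets the child run on. Returns the value read, -1 on a ptrace error, or -2
 * if the kernel refuses PTRACE_TRACEME (e.g. a seccomp-restricted sandbox).
 * *child_saw_new_value becomes 1 if the child observed the poked value. */
long peek_and_poke_child(long new_value, int *child_saw_new_value)
{
    int status;
    *child_saw_new_value = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: volunteer to be traced, then stop. This is the legitimate
         * path through the kernel's ptrace permission check (a tracer may not
         * simply attach to an arbitrary unrelated process). */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(2);
        raise(SIGSTOP);
        _exit(shared_word == new_value ? 0 : 1);   /* resumed by the parent */
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    if (!WIFSTOPPED(status))   /* child exited instead of stopping */
        return (WIFEXITED(status) && WEXITSTATUS(status) == 2) ? -2 : -1;

    errno = 0;                 /* PEEKDATA returns -1 both on error and as data */
    long seen = ptrace(PTRACE_PEEKDATA, pid, (void *)&shared_word, NULL);
    if ((seen == -1 && errno != 0) ||
        ptrace(PTRACE_POKEDATA, pid, (void *)&shared_word, (void *)new_value) == -1) {
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
        return -1;
    }
    ptrace(PTRACE_CONT, pid, NULL, NULL);   /* data = 0: swallow the SIGSTOP */
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        *child_saw_new_value = (WEXITSTATUS(status) == 0);
    return seen;
}
```

Calling `peek_and_poke_child(0x2222, &ok)` returns 0x1111 (the value the child started with) and sets `ok` to 1 once the child confirms it now sees 0x2222; on a system where ptrace is blocked it returns -2 instead of failing silently.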
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/