On Wed, Feb 2, 2022 at 4:19 PM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> Jann Horn <jannh@xxxxxxxxxx> writes:
>
> > When I rewrote the VMA dumping logic for coredumps, I changed it to
> > recognize ELF library mappings based on the file being executable instead
> > of the mapping having an ELF header. But turns out, distros ship many ELF
> > libraries as non-executable, so the heuristic goes wrong...
> >
> > Restore the old behavior where FILTER(ELF_HEADERS) dumps the first page of
> > any offset-0 readable mapping that starts with the ELF magic.
> >
> > This fix is technically layer-breaking a bit, because it checks for
> > something ELF-specific in fs/coredump.c; but since we probably want to
> > share this between standard ELF and FDPIC ELF anyway, I guess it's fine?
> > And this also keeps the change small for backporting.
>
> In light of the conflict with my other changes, and in light of the pain
> of calling get_user.
>
> Is there any reason why the doesn't unconditionally dump all headers?
> Something like the diff below?
>
> I looked in the history and the code was filtering for ELF headers
> there already. I am just thinking this feels like a good idea
> regardless of the file format to help verify the file on-disk
> is the file we think was mapped.

Yeah, I guess that's reasonable. The main difference will probably be
that the starting pages of some font files, locale files and python
libraries will also be logged.
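
The three header-page heuristics discussed in this thread, compared side by side in a user-space model. This is an added example, not part of either message and not kernel code: `struct mapping`, the policy names and the sample mappings are constructed for illustration, and it assumes every policy applies only to readable offset-0 mappings with the ELF_HEADERS filter enabled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model of a file-backed mapping; not a kernel struct. */
struct mapping {
    const char *name;
    unsigned long pgoff;    /* offset of the mapping in the file, in pages */
    bool readable;          /* mapping has read permission */
    bool file_exec;         /* backing file has an execute mode bit set */
    unsigned char head[4];  /* first four bytes of the mapped data */
};
enum policy { BY_EXEC_FILE, BY_ELF_MAGIC, UNCONDITIONAL };

/* Constructed sample address space (names and bytes are illustrative). */
static const struct mapping SAMPLE[] = {
    { "/usr/bin/app",     0, true, true,  { 0x7f, 'E', 'L', 'F' } },
    { "libfoo.so (0644)", 0, true, false, { 0x7f, 'E', 'L', 'F' } },
    { "libfoo.so (0644)", 2, true, false, { 0x55, 0x48, 0x89, 0xe5 } },
    { "font.ttf",         0, true, false, { 0x00, 0x01, 0x00, 0x00 } },
    { "locale-archive",   0, true, false, { 0x09, 0x01, 0x02, 0xde } },
};

/* True if the policy would dump the first page of this mapping.
 * Assumption: all three policies share the offset-0, readable precondition. */
bool dumps_first_page(const struct mapping *m, enum policy p)
{
    if (m->pgoff != 0 || !m->readable)
        return false;
    if (p == BY_EXEC_FILE) return m->file_exec;
    if (p == BY_ELF_MAGIC) return memcmp(m->head, "\177ELF", 4) == 0;
    return true; /* UNCONDITIONAL: any file format */
}

int count_dumped(enum policy p)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(SAMPLE) / sizeof(SAMPLE[0]); i++)
        n += dumps_first_page(&SAMPLE[i], p);
    return n;
}

int main(void)
{
    printf("exec-file=%d elf-magic=%d unconditional=%d\n",
           count_dumped(BY_EXEC_FILE), count_dumped(BY_ELF_MAGIC),
           count_dumped(UNCONDITIONAL));
    return 0;
}
```

On this sample the exec-file heuristic misses the 0644 library, the ELF-magic check recovers it, and the unconditional policy additionally captures the first page of the font and locale files.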