On 06/05/2012 02:47 PM, Jonathan M. Foote wrote:
I have released an updated version of the CERT Triage Tools
that includes the workaround described in the previous
message along with new test cases that clear up some
licensing issues that were preventing the Tools from
being packaged with Fedora. It can be found here:
Outside of this release, I have also done some preliminary
investigation into adding proper support for core files
to the tools. I was able to work around the si_addr issue
(with degraded performance, as discussed below), but
I ran into another issue. I am unaware of a GDB interface
that allows the tool to access the full process address
space mapping info (along the lines of "info proc map"
in a live session). The tool can call "maint info sections,"
which I believe I can use to determine what addresses
and mapped and perhaps their permissions, but the original
mapped shared object names are absent. I plan to do further
Yes, as of today Linux core dumps don't save this information.
But the good news, we can try to fix it :)
I sent a patch to make Linux kernel include mapped file info
into core dumps:
I can resend a newer version of this patch, if you are willing
to join the lkml discussion and lobby for this patch
to be accepted. (Are you subscribed to lkml?)
We can also propose a similar patch to address si_addr problem.
If the shared object names are not available, again,
it may be possible to work around this lack of info and
degrade the performance of the tool further, but I wanted
to ask -- would it be plausible to integrate the CERT Triage
Tools with ABRT in a manner where the 'exploitable' plugin
could run in a GDB session with a live target?
Adding proper support for core files to the CERT Triage
Tools is still possible, but it seems like ABRT might get
more mileage from the 'exploitable' plugin if it can
operate on a live target.