Does gdb temporarily give pages write permission?


Problem description



I was debugging a seg fault in a Linux app that was caused by a program trying to change a static constant array structure (so the data was in the read-only section of the ELF and subsequently loaded in a page that was then given read-only permission).

While in GDB I put a breakpoint on the line of assembler that did the bad store, and when it stopped there I manually performed the equivalent write action using GDB. GDB did this without any complaints, and reading the value back proved it had indeed been written. I looked in /proc/thepid/maps and that particular page was still marked as "not writeable".

So my question is: does GDB temporarily set write permissions on a read-only page, perform the write, then reset the permissions? Thanks.

Solution

does GDB temporarily set write permissions

No.

On Linux/*86, ptrace() (which is what GDB uses to read and write the inferior (being debugged) process memory) allows reads and writes to pages that are not readable/writable by the inferior, leading exactly to the confusion you've described.

This could be considered a bug in the kernel.

It should be noted that the kernel has to allow ptrace to write to normally non-writable .text section for the debugger to be able to plant breakpoints (which is done by overwriting original instruction with the breakpoint/trap instruction -- int3 via PTRACE_POKETEXT request).

The kernel doesn't have to do the same for POKE_DATA, but man ptrace says:

PTRACE_POKETEXT, PTRACE_POKEDATA
   Copies the word data to location addr in the child's memory.
   As above, the two requests are currently equivalent.

I believe it's that equivalentness that causes the current behavior.
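To see the behaviour the answer describes without GDB in the loop, here is an added example (mine, not code from the question or the answer) that forks a tracee, writes over the tracee's copy of a `const` object with PTRACE_POKEDATA, and confirms that PTRACE_PEEKDATA returns the new value while the tracee's /proc/PID/maps entry still has no `w` bit. It assumes Linux on x86-64 with a 64-bit `long`; `ro_word`, `poked` and `poke_rodata_demo` are constructed names, and the tracee's page is modified through a private copy-on-write copy, so the tracer's own `ro_word` is never changed.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed read-only data (.rodata, mapped without 'w') and the value poked over it. */
static const long ro_word = 0x11223344L, poked = 0x41414141L;

/* Copy the permission field of the /proc/PID/maps line covering addr into out. */
static int maps_perms(pid_t pid, const void *addr, char *out, size_t n) {
    char path[64], line[512], p[8];
    unsigned long lo, hi, a = (unsigned long)addr; int rc = -1;
    snprintf(path, sizeof path, "/proc/%d/maps", (int)pid);
    FILE *f = fopen(path, "r"); if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, p) == 3 && a >= lo && a < hi) {
            snprintf(out, n, "%s", p); rc = 0; break;
        }
    fclose(f);
    return rc;
}

/* Fork a tracee, PTRACE_POKEDATA over its copy of ro_word (same address, since fork() duplicates
   the address space), PTRACE_PEEKDATA it back and read the mapping's permissions. Returns 1 when
   the write landed yet the mapping shows no 'w', 0 when ptrace is not permitted here, -1 on error. */
int poke_rodata_demo(long *before, long *after, char *perms, size_t n) {
    int status, rc = -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                  /* tracee: become traced, then stop */
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) _exit(42);
        raise(SIGSTOP);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status) == 42 ? 0 : -1;
    if (!WIFSTOPPED(status)) goto done;
    errno = 0; *before = ptrace(PTRACE_PEEKDATA, pid, (void *)&ro_word, 0);
    if (errno || ptrace(PTRACE_POKEDATA, pid, (void *)&ro_word, (void *)poked) < 0) goto done;
    errno = 0; *after = ptrace(PTRACE_PEEKDATA, pid, (void *)&ro_word, 0);
    if (errno || maps_perms(pid, &ro_word, perms, n) < 0) goto done;
    rc = (*after == poked && !strchr(perms, 'w')) ? 1 : -1;   /* the VMA flags never changed */
done:
    kill(pid, SIGKILL);                              /* tear the tracee down and reap it */
    waitpid(pid, &status, 0);
    return rc;
}
```

The permission field read back is the VMA's flags, which the poke does not touch; only the page behind it was replaced by a writable private copy, which is why a debugger can make the store succeed while `maps` keeps reporting the region as read-only.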
