Date: Fri, 6 Apr 2018 11:18:02 -0400
From: Ali Mashtizadeh <mashtizadeh@gmail.com>
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Cc: Ali Mashtizadeh <ali@mashtizadeh.com>
Subject: Broken exect() libc call
Message-ID: <CAFL8=tiN=ZuWXkzegTU9_T94MCvuKqmLWjR_UdwAfWfUgWqCTA@mail.gmail.com>
Hello Everyone,

I noticed exect() is an old BSD-specific libc function that is supposed to enable tracing on the child process. On all modern platforms it has a faulty implementation dating back to the CSRG source code. FreeBSD lacks the code for several platforms and it appears that there are no users. Even gdb in the CSRG repository used the ptrace(PT_TRACE_ME, ...) function that is portable.

Originally, on the VAX exect() sets the trap flag (PSL_T), which does not trigger a trap until the new executable image is loaded. This is because a trace fault is raised when the PSL_TP flag is set. The exect() code would set PSL_T; during the execution of an instruction the processor copies the value of PSL_T to PSL_TP at the end of its cycle. The instruction that sets the trap flag does not set PSL_TP, and the system call instruction copies PSL_T to PSL_TP. The first instruction in the executable image will trigger a trace fault. See E.5.3 in [1] below and the CSRG source [2].

Other platforms either called execve (when the processor does not allow user space to directly control tracing) or provided the same faulty implementation (present in the i386 version). If you search the CSRG repository this system call was only used by adb/sdb, which at the time contained a ptrace(PT_TRACE_ME, ...) call as well. Older versions of Mac OS X contained the documentation for the call, but it has since been removed. NetBSD/OpenBSD contain a deprecated function that calls execve, written in C, that warns you when you link against it.

If there are no objections, I've copied the NetBSD file, removed any MD assemblies still present, and amended the man page.

Alternative solutions:
1) Provide C code to call ptrace(PT_TRACE_ME, ...) + execve. This more closely emulates exect().
2) Remove the call entirely.

https://reviews.freebsd.org/D14989

[1] http://www.livingcomputers.org/Discover/Online-Systems/User-Documentation/OpenVMS-7-3/5_VAX_Macro_Assembler_Reference.aspx
[2] https://svnweb.freebsd.org/csrg/lib/libc/vax/sys/exect.s?revision=61222&view=markup
[3] http://gnats.netbsd.org/51700

Best,
Ali Mashtizadeh
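Alternative 1 from the message above (ptrace(PT_TRACE_ME, ...) followed by execve) worked through as an added example; this is not code from the message, from FreeBSD's libc, or from the NetBSD file the author mentions. It shows both halves of the arrangement: the child side that emulates exect(), and the parent acting as the tracer that receives control at the first instruction of the new image, which is what the VAX PSL_T trick was meant to provide. The function names exect_emul, run_traced and demo, the trace_result struct, and the exit status 200 the child uses to report a failed ptrace or execve are assumptions of this example. It compiles on FreeBSD (PT_* requests, int data argument) and on Linux with glibc (PTRACE_* requests with PT_* aliases, void * data argument); the macros at the top paper over those two differences. The traced program is /bin/sh -c 'exit 7', so the exit status seen by the tracer proves the child was released and ran to completion after its exec stop.

```c
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

/* FreeBSD spells the requests PT_*; glibc uses PTRACE_* and provides PT_* aliases. */
#ifndef PT_TRACE_ME
#define PT_TRACE_ME PTRACE_TRACEME
#endif
#ifndef PT_CONTINUE
#define PT_CONTINUE PTRACE_CONT
#endif
/* The fourth ptrace(2) argument is an int on FreeBSD and a void * on Linux. */
#ifdef __FreeBSD__
#define PT_DATA(n) (n)
#else
#define PT_DATA(n) ((void *)(long)(n))
#endif

/* Exit status the child uses when it never reaches the new image (assumed value). */
#define EXIT_EXECT_FAILED 200

/*
 * exect_emul: alternative 1 from the message. Ask the kernel to trace us, then
 * exec. A successful execve of a traced process is stopped with SIGTRAP before
 * the first instruction of the new image runs, the point at which the VAX
 * PSL_T trick was meant to raise its trace fault. Returns only on failure,
 * like execve(2), with errno set (EPERM when ptrace is refused, for example
 * by a sandbox; ENOENT and friends from execve).
 */
int exect_emul(const char *path, char *const argv[], char *const envp[])
{
    if (ptrace(PT_TRACE_ME, 0, NULL, PT_DATA(0)) == -1)
        return -1;
    return execve(path, argv, envp);
}

struct trace_result {
    int stopped_at_exec; /* 1 if the parent observed the SIGTRAP stop after execve */
    int exect_failed;    /* 1 if the child reported that ptrace or execve failed */
    int exited;          /* 1 if the child terminated normally */
    int exit_code;       /* its exit status when exited == 1 */
};

/* Fork, exect_emul() the program in the child, and act as its tracer in the parent. */
struct trace_result run_traced(const char *path, char *const argv[])
{
    struct trace_result r = { 0, 0, 0, -1 };
    char *const envp[] = { NULL };      /* empty environment; sh does not need one */
    pid_t pid = fork();

    if (pid == -1)
        return r;
    if (pid == 0) {
        exect_emul(path, argv, envp);   /* only returns on failure */
        _exit(EXIT_EXECT_FAILED);
    }

    for (;;) {
        int status;

        if (waitpid(pid, &status, 0) == -1) {
            if (errno == EINTR)
                continue;
            return r;
        }
        if (WIFSTOPPED(status)) {
            int sig = WSTOPSIG(status);

            if (sig == SIGTRAP && !r.stopped_at_exec) {
                /* The exec stop: the tracer now owns the first instruction of the
                   new image and could plant breakpoints before letting it run. */
                r.stopped_at_exec = 1;
                sig = 0;                /* swallow the SIGTRAP rather than deliver it */
            }
            /* (void *)1 means "resume at the current PC" on FreeBSD; Linux ignores addr.
               Any other stop signal is re-delivered unchanged. */
            if (ptrace(PT_CONTINUE, pid, (void *)1, PT_DATA(sig)) == -1)
                return r;
            continue;
        }
        if (WIFEXITED(status)) {
            r.exited = 1;
            r.exit_code = WEXITSTATUS(status);
            if (r.exit_code == EXIT_EXECT_FAILED && !r.stopped_at_exec)
                r.exect_failed = 1;
        }
        return r;   /* exited, or killed by a signal */
    }
}

/* Trace /bin/sh -c 'exit 7' so the exit status proves the child ran after its exec stop. */
struct trace_result demo(void)
{
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    return run_traced("/bin/sh", argv);
}

int main(void)
{
    struct trace_result r = demo();

    printf("stopped at exec: %d  exect failed: %d  exited: %d  exit code: %d\n",
           r.stopped_at_exec, r.exect_failed, r.exited, r.exit_code);
    return 0;
}
```

On a host where ptrace is permitted, the parent sees exactly one SIGTRAP stop (the exec) and then a normal exit with status 7. Where a sandbox or seccomp policy refuses PT_TRACE_ME, exect_emul fails before execve and the child reports it through the assumed status 200, so the caller can tell "never traced" apart from "traced and finished". That reporting is the one thing the original VAX-style exect() could not do: if the trap flag never produced a fault, the caller had no way to know.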