Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 6 Apr 2018 11:18:02 -0400
From:      Ali Mashtizadeh <mashtizadeh@gmail.com>
To:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Cc:        Ali Mashtizadeh <ali@mashtizadeh.com>
Subject:   Broken exect() libc call
Message-ID:  <CAFL8=tiN=ZuWXkzegTU9_T94MCvuKqmLWjR_UdwAfWfUgWqCTA@mail.gmail.com>

next in thread | raw e-mail | index | archive | help
Hello Everyone,

I noticed exect() is an old BSD specific libc function that is supposed to
enable tracing on the child process.  In all modern platforms it has a
faulty implementation dating back to the CSRG source code.  FreeBSD lacks
the code for several platforms and it appears that there are no users. Even
gdb in the CSRG repository used the ptrace(PT_TRACE_ME, ...) function that
is portable.

Originally, on the VAX exect() sets the trap flag (PSL_T) which does not
trigger a trap until the new executable image is loaded.  This is because a
trace fault is raised when the PSL_TP flag is set.  exect() code would set
PSL_T which during the execution of an instruction the processor copies the
value of PSL_T to PSL_TP at the end of its cycle.  The instruction that
sets the trap flag does not set PSL_TP and the system call instruction
copies PSL_T to PSL_TP.  The the first instruction in the executable image
will trigger a trace fault.  See E.5.3 in [1] below and CSRG source [2].

Other platforms either called execve (when the processor does not allow
user space to directly control tracing) or provided the same faulty
implementation (present in the i386 version).  If you search the CSRG
repository this system call was only used by adb/sdb which at the time
contained ptrace(PT_TRACE_ME,....) call as well.

Older versions of Mac OS X contained the documentation for the call, but it
has since been removed.  NetBSD/OpenBSD contains a deprecated function that
calls to execve written in C that warns you when you link against it.

If there's no objects I've copied the NetBSD file, removed any MD
assemblies still present, and amended the man page.

Alternative solutions:
1) Provide C code to call ptrace(PT_TRACE_ME, ...) + execve.  This more
closely emulates exect().
2) Remove the call entirely

https://reviews.freebsd.org/D14989

[1] http://www.livingcomputers.org/Discover/Online-Systems/
User-Documentation/OpenVMS-7-3/5_VAX_Macro_Assembler_Reference.aspx
[2]  https://svnweb.freebsd.org/csrg/lib/libc/vax/sys/exect.s?
revision=61222&view=markup
[3] http://gnats.netbsd.org/51700

Best,
Ali Mashtizadeh



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFL8=tiN=ZuWXkzegTU9_T94MCvuKqmLWjR_UdwAfWfUgWqCTA>