debuggerd: if PR_GET_DUMPABLE=0, don't ask for dumping
PR_GET_DUMPABLE is used by an application to indicate whether or
not core dumps / PTRACE_ATTACH should work.
Security sensitive applications often set PR_SET_DUMPABLE to 0 to
disable core dumps, to avoid leaking sensitive memory to persistent
storage. Similarly, they also set PR_SET_DUMPABLE to zero to prevent
PTRACE_ATTACH from working, again to avoid leaking the contents
of sensitive memory.
Honor PR_GET_DUMPABLE when connecting to debuggerd. If an application
has said it doesn't want its memory dumped, then we shouldn't
ask debuggerd to dump memory on its behalf.
FORTIFY_SOURCE tests: Modify the fortify_source tests to set
PR_SET_DUMPABLE=0. This reduces the total runtime of
/data/nativetest/bionic-unit-tests/bionic-unit-tests32 from approx
53 seconds to 25 seconds. There's no need to connect to debuggerd
when running these tests.
Bug: 16513137
(cherry picked from commit be0e43b776)
Change-Id: I6e1a9bce564e94fc19893d639b15f38c549cabfa
This commit is contained in:
Nick Kralevich
@@ -206,6 +206,15 @@ static bool have_siginfo(int signum) {
|
||||
}
|
||||
|
||||
static void send_debuggerd_packet(siginfo_t* info) {
|
||||
if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) {
|
||||
// process has disabled core dumps and PTRACE_ATTACH, and does not want to be dumped.
|
||||
// Honor that intention by not connecting to debuggerd and asking it
|
||||
// to dump our internal state.
|
||||
__libc_format_log(ANDROID_LOG_INFO, "libc",
|
||||
"Suppressing debuggerd output because prctl(PR_GET_DUMPABLE)==0");
|
||||
return;
|
||||
}
|
||||
|
||||
int s = socket_abstract_client(DEBUGGER_SOCKET_NAME, SOCK_STREAM);
|
||||
if (s == -1) {
|
||||
__libc_format_log(ANDROID_LOG_FATAL, "libc", "Unable to open connection to debuggerd: %s",
|
||||
|
||||
Reference in New Issue
Block a user