The 6.16 kernel will include a number of changes to how the kernel handles the processing of core dumps for crashed processes. Christian Brauner explained his reasons for doing this work as: "Because I'm a clown and also I had it with all the CVEs because we provide a \*\*\*\* API for userspace". The handling of core dumps has indeed been a constant source of vulnerabilities; with luck, the 6.16 work will result in rather fewer of them in the future.
---
**The problem with core dumps**
A core dump is an image of a process's data areas — everything except the executable text; it can be used to investigate the cause of a crash by examining a process's state at the time things went wrong. Once upon a time, Unix systems would routinely place a core dump into a file called core in the current working directory when a program crashed. The main effects of this practice were to inspire system administrators worldwide to remove core files daily via cron jobs, and to make it hazardous to use the name core for anything you wanted to keep. Linux systems can still create core files, but are usually configured not to.
An alternative that is used on some systems is to have the kernel launch a process to read the core dump from a crashing process and, presumably, do something useful with it. This behavior is configured by writing an appropriate string to the core\_pattern sysctl knob. A number of distrib