我正在调试 Linux DNS 服务器的问题。奇怪的是,当我查看 DNS 服务器进程的 /proc/PID/maps 时,我得到的是:
00000000-00000000 r-xp 00000000 00:0e 2344 /usr/sbin/unbound
00000000-00000000 rw-p 00000000 00:0e 2344 /usr/sbin/unbound
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:00 0 [heap]
00000000-00000000 rw-p 00000000 00:00 0 [heap]
00000000-00000000 r-xp 00000000 00:0e 2009 /usr/lib/engines/libgost.so (deleted)
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 2009 /usr/lib/engines/libgost.so (deleted)
00000000-00000000 r-xp 00000000 00:0e 2016 /usr/lib/engines/libpadlock.so (deleted)
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 2016 /usr/lib/engines/libpadlock.so (deleted)
00000000-00000000 r-xp 00000000 00:0e 2333 /lib/libz.so.1.2.8
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 2333 /lib/libz.so.1.2.8
00000000-00000000 r-xp 00000000 00:0e 1760 /lib/libdl-0.9.33.2.so
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 r--p 00000000 00:0e 1760 /lib/libdl-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:0e 1760 /lib/libdl-0.9.33.2.so
00000000-00000000 r-xp 00000000 00:0e 3083 /usr/lib/libgcc_s.so.1
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 3083 /usr/lib/libgcc_s.so.1
00000000-00000000 r-xp 00000000 00:0e 1761 /lib/libuClibc-0.9.33.2.so
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 r--p 00000000 00:0e 1761 /lib/libuClibc-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:0e 1761 /lib/libuClibc-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:00 0
00000000-00000000 r-xp 00000000 00:0e 3085 /lib/libpthread-0.9.33.2.so
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 r--p 00000000 00:0e 3085 /lib/libpthread-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:0e 3085 /lib/libpthread-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:00 0
00000000-00000000 r-xp 00000000 00:0e 2002 /lib/libcrypto.so.1.0.0 (deleted)
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 2002 /lib/libcrypto.so.1.0.0 (deleted)
00000000-00000000 rw-p 00000000 00:00 0
00000000-00000000 r-xp 00000000 00:0e 3181 /usr/lib/libevent-2.0.so.5.1.9
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 3181 /usr/lib/libevent-2.0.so.5.1.9
00000000-00000000 r-xp 00000000 00:0e 3189 /usr/lib/libldns.so.1.6.17
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 3189 /usr/lib/libldns.so.1.6.17
00000000-00000000 r-xp 00000000 00:0e 2335 /lib/libssl.so.1.0.0 (deleted)
00000000-00000000 ---p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:0e 2335 /lib/libssl.so.1.0.0 (deleted)
00000000-00000000 r-xp 00000000 00:0e 1755 /lib/ld64-uClibc-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:00 0
00000000-00000000 rw-p 00000000 00:00 0
00000000-00000000 r-xp 00000000 00:00 0 [vdso]
00000000-00000000 r--p 00000000 00:0e 1755 /lib/ld64-uClibc-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:0e 1755 /lib/ld64-uClibc-0.9.33.2.so
00000000-00000000 rw-p 00000000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 r--p 00000000 00:00 0 [vsyscall]
我以前从未见过这样的事情。除 vsyscall 页面外,所有地址均为零!你知道那是什么意思吗?
最佳答案
我找到了 discussion in Valgrind mail list当有人遇到同样的问题时。问题是内核已经用 PaX 补丁打了补丁,其中一个补丁不允许查看 /proc/pid/maps。
关于补丁的引用from wikipedia
The second and third classes of attacks are also possible with 100% reliability, if the attacker needs advance knowledge of address space layout and can derive this knowledge by reading the attacked task's address space. This is possible if the target has a bug which leaks information, e.g., if the attacker has access to /proc/(pid)/maps. There is an obscurity patch which NULLs out the values for the address ranges and inodes in every information source accessible from userland to close most of these holes; however, it is not currently included in PaX.
尽管目前没有包含补丁,但邮件列表中的问题已通过 PaX 实用程序解决。 IE。它可以用 chpax utility 改变在每个二进制文件的基础上进行权限修改,从而允许禁用对特定二进制文件的限制。
关于linux - 如果/proc/PID/maps 对所有地址都显示为零,这表明什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30986955/