How to open files a process has mmapped

How to open files a process has mmapped

[Corey Minyard]

I'm trying to solve a problem where a customer needs to be able to open 
a file a process has mmap-ed.  The trouble is that the file might be 
deleted (this is actually likely in this scenario) so I can't just open 
the file listed in /proc/<pid>/maps.

I have looked some at this, and I haven't come up with a good solution 
for this.  I have come up with the following solutions:

Open /proc/<pid>/mem and get the memory directly.  This has two problems:

    * You have to ptrace() the process to do this.  Actually, that seems
      a little silly.  Why do you have to ptrace() the process to do this?
    * The whole file might not be mapped, thus the section of the file
      that is interesting might not be in memory.

Another solution I thought of was to provide a /proc/<pid>/mapped_files 
directory that works like the /proc/<pid>/fd directory.  Unfortunately, 
it looks very difficult to implement this because of the need to provide 
consistent inodes.  For fds, you have an easy way to generate inodes 
with the fd number.  For mmap-ed memory, you don't have a relatively 
small number to do this with.

The last solution I could think of was to provide a way to open a file 
with using the major/minor/inode (since these are listed for the mapped 
files in the /proc/<pid>/maps file).  This is kind of ugly, but it's 
probably the best one I've thought of.

Any more ideas?  Maybe there's an easy way to do this that I haven't found.

-Corey

Re: How to open files a process has mmapped

[Alan Cox]

> a file a process has mmap-ed.  The trouble is that the file might be 
> deleted (this is actually likely in this scenario) so I can't just open 
> the file listed in /proc/<pid>/maps.

Well perhaps they should not have deleted it

> I have looked some at this, and I haven't come up with a good solution 
> for this.  I have come up with the following solutions:

You forgot fix the program to do sensible things. You can pass file handles
over AF_UNIX sockets for example, or you could rename the file so you can
find it then delete it later

> The last solution I could think of was to provide a way to open a file 
> with using the major/minor/inode (since these are listed for the mapped 
> files in the /proc/<pid>/maps file).  This is kind of ugly, but it's 
> probably the best one I've thought of.

Nice way to do security holes

Re: How to open files a process has mmapped

[Corey Minyard]

Alan Cox wrote:

>>a file a process has mmap-ed.  The trouble is that the file might be 
>>deleted (this is actually likely in this scenario) so I can't just open 
>>the file listed in /proc/<pid>/maps
>>
>Well perhaps they should not have deleted it
>
>>I have looked some at this, and I haven't come up with a good solution 
>>for this.  I have come up with the following solutions:
>>
>You forgot fix the program to do sensible things. You can pass file handles
>over AF_UNIX sockets for example, or you could rename the file so you can
>find it then delete it later
>
The customer is used to doing this on another operating system, and they 
have a system already designed that works this way.  I agree that there 
are more sensible solutions, but I have to think about this from my 
customer's point of view.  If a simple way to do this existed, it would 
save them time.

>>The last solution I could think of was to provide a way to open a file 
>>with using the major/minor/inode (since these are listed for the mapped 
>>files in the /proc/<pid>/maps file).  This is kind of ugly, but it's 
>>probably the best one I've thought of.
>>
>Nice way to do security holes
>
Obviously, this would be a root-only thing.  I don't think it opens up 
anything more than root already has, does it?  Or am I missing something?

-Corey