# copy-on-write text pages when forking



## fluca1978 (Sep 13, 2011)

Hi all,
if I get it right, when a fork is performed the pages that contain text code are cloned using a copy-on-write technique, and the reason is that if a debugger is running attached to the cloned process, the text can be modified without affecting the parent of the process.
Now, I have no idea of what happens when a debugger runs, but I thought that the text area was never ever modifiable under any circumstance, and the above seems to destroy my belief. Can anyone explain to me better what happens in such a case?
Thanks


----------



## trasz@ (Sep 13, 2011)

After fork, all of the pages (except for shared memory, either SysV or POSIX) are copy-on-write.  Debugger uses ptrace(2) to write to the address space of debugged process.  Since it's COW, other processes are not affected.


----------



## fluca1978 (Sep 15, 2011)

Fine, searching a bit more I found that ptrace has flags to indicate the need to write instruction words and data. But this means that the text area is modifiable while the process is running. Even if this is a special case (debugging applications), isn't this a problem with security?


----------



## xibo (Sep 15, 2011)

You can only attach to a process running with your user ID.


----------



## trasz@ (Sep 19, 2011)

Unless you're root.  And of course there are additional restrictions due to jails (you cannot attach to a process with your UID running inside some other jail) and MAC.


----------
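An added example (not code from any poster in this thread) of the behaviour discussed above: a tracer overwrites one instruction word in a forked child with ptrace(2), then checks that the parent's copy of the same text address is unchanged. `sample_text` and `cow_text_demo` are hypothetical names; the non-Linux branch assumes FreeBSD's `PT_READ_I`/`PT_WRITE_I` requests.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__                        /* Linux request names */
typedef long word_t;
#define TRACE_ME()      ptrace(PTRACE_TRACEME, 0, NULL, NULL)
#define PEEK_I(p, a)    ptrace(PTRACE_PEEKTEXT, (p), (void *)(a), NULL)
#define POKE_I(p, a, v) ptrace(PTRACE_POKETEXT, (p), (void *)(a), (void *)(v))
#else                                   /* FreeBSD request names */
typedef int word_t;
#define TRACE_ME()      ptrace(PT_TRACE_ME, 0, NULL, 0)
#define PEEK_I(p, a)    ptrace(PT_READ_I, (p), (caddr_t)(a), 0)
#define POKE_I(p, a, v) ptrace(PT_WRITE_I, (p), (caddr_t)(a), (v))
#endif

/* Hypothetical sample function: its first word of machine code is the target. */
int sample_text(int x) { return x * 3 + 1; }

/* Hypothetical helper. Returns 0 if the traced child's text changed while the
 * parent's stayed intact, 1 if the parent changed too, -1 on fork/ptrace error. */
int cow_text_demo(void)
{
    char *addr = (char *)(void *)sample_text;
    word_t before, child_after, parent_after;
    int status, err;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                     /* child: ask to be traced, then stop */
        if (TRACE_ME() == -1) _exit(1);
        raise(SIGSTOP);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status)) return -1;
    errno = 0;
    before = (word_t)PEEK_I(pid, addr);               /* child's text word */
    err = errno != 0 || POKE_I(pid, addr, ~before) == -1; /* debugger-style write */
    child_after = (word_t)PEEK_I(pid, addr);
    memcpy(&parent_after, addr, sizeof parent_after); /* parent's own mapping */
    kill(pid, SIGKILL);                 /* child never runs the altered code */
    waitpid(pid, &status, 0);
    if (err || child_after != (word_t)~before) return -1;
    return parent_after == before ? 0 : 1;
}
int main(void) { int r = cow_text_demo(); printf("result: %d\n", r); return r; }
```

The child opts in with the trace-me request, so this is the parent/child case; attaching to an unrelated process is subject to the UID, jail and MAC checks mentioned in the replies.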

