clone() and Glibc - Frederico Silva Correa

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: Frederico Silva Correa <fscorrea@inf.ufrgs.br>
To: libc-alpha@sourceware.org
Subject: clone() and Glibc
Date: Thu, 30 Mar 2023 20:35:16 -0300	[thread overview]
Message-ID: <9b0e446e29a20f2ad1903e5cf681bffa@inf.ufrgs.br> (raw)

Dear developers of the GNU libc:

At the quality of a novice, recently graduated in CS (despite familiarized 
with both C and C++), I found myself puzzled by a little issue.

Glibc provides a wrapper for the clone() system call, which receives 
parameters in the following order:

- a pointer to the function "func" to be run by the child thread;
- a base address for the child stack (we'll be back here), since I'm passing 
CLONE_VM, therefore sharing memory thus unable to reuse the parent thread's 
stack addresses;
- 0x100 or the flag CLONE_VM;
- a pointer to the arguments to be passed to "func" and run with the child 
thread.

Automatic storage local variables are usually placed into the stack, which 
remains more or less a fixed value, decided when the application is run, is 
that correct?
Very well. What, then, would be a stack frame whose "base address" I myself 
malloc'd (at the HEAP) then arbitrarily decided that space --- again, a 
priori in the heap --- to be treated like a stack frame pertaining to the 
child thread.

How am I supposed to interpret all of this? The space allocated at the heap 
need to be freed in the first place? Is this so-called "stack" on the heap? 
Or is it a regular stack frame? What about the potential threatens related to 
e.g. ret2plt and format string attacks?

I'd be very pleased to have these questions clarified, both as a language 
enthusiast and as an user with security worries.

Thanks in advance.

-- 
Frederico Corrêa - 118775

next             reply	other threads:[~2023-03-30 23:35 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-30 23:35 Frederico Silva Correa [this message]
2023-03-31 12:52 ` Adhemerval Zanella Netto

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9b0e446e29a20f2ad1903e5cf681bffa@inf.ufrgs.br \
    --to=fscorrea@inf.ufrgs.br \
    --cc=libc-alpha@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).