Mark `process_vm_writev` as `unsafe`
KamilaBorowska opened this issue · comments
This function can be used to corrupt memory of the process itself when pid is `Pid::this()`. I think it would make sense to mark it as unsafe in a major release of this crate, similar to how `nix::sys::ptrace::write` is marked unsafe.
Example usage of this function:
use nix::sys::uio::{process_vm_writev, RemoteIoVec};
use nix::unistd::Pid;
use std::io::IoSlice;

fn main() -> std::io::Result<()> {
    // Immutable local buffer; safe Rust gives no way to mutate it.
    let memory = [0u8; 5];
    // Write into our own address space (pid is the current process),
    // targeting the address of `memory`, from a safe (non-`unsafe`) call.
    process_vm_writev(
        Pid::this(),
        &[IoSlice::new(&[1, 2, 3, 4, 5])],
        &[RemoteIoVec {
            base: memory.as_ptr() as usize,
            len: 5,
        }],
    )?;
    // Observe the immutable buffer after it was overwritten.
    println!("{memory:?}");
    Ok(())
}
This is problematic as it edits immutable memory.
The Rust consensus is that "special operating system stuff" that can crash a process needn't be unsafe. Instead, these features are considered to be beyond the boundary of language design. Otherwise, even `std::io::Write::write` would need to be unsafe, because you could crash your process by opening `/dev/mem` and writing to it.

`sys::ptrace::write` is actually unsafe for a different reason. See 856f841.