Add high-level wrappers for some common ptrace routines and mark nix::sys::ptrace::ptrace as unsafe.

marmistrz · marmistrz · commit 067f937f087c · 2017-07-14T11:38:29.000+02:00
`nix::sys::ptrace::ptrace` is unsafe by design. Its incorrect usage may
lead to race conditions or crashes, and according to this post [1]
should be marked unsafe.

Additionally, wrappers with typically Rusty API have been introduced for
some of the common ptrace routines. It is not a complete coverage and
this subject should be revisited in the future.

Some of these are `unsafe` by the sheer specification and have been marked so.
diff --git a/src/sys/ptrace.rs b/src/sys/ptrace.rs
@@ -70,9 +70,12 @@ mod ffi {
     }
 }
 
-/// Performs a ptrace request. If the request in question is provided by a specialised function
+/// A low-level wrapper for `ptrace`. If available, the higher-level wrappers should be considered instead.
+/// Performs a `ptrace` request. If the request in question is provided by a specialised function
 /// this function will return an unsupported operation error.
-pub fn ptrace(request: ptrace::PtraceRequest, pid: Pid, addr: *mut c_void, data: *mut c_void) -> Result<c_long> {
+///
+/// When used incorrectly, this function may crash the tracer or the tracee, thus is marked `unsafe`.
+pub unsafe fn ptrace(request: ptrace::PtraceRequest, pid: Pid, addr: *mut c_void, data: *mut c_void) -> Result<c_long> {
     use self::ptrace::*;
 
     match request {
@@ -202,12 +205,19 @@ pub fn traceme() -> Result<()> {
 }
 
 /// Makes the `PTRACE_PEEKDATA` request to ptrace
-pub fn peekdata(pid: Pid, addr: c_long) -> Result<c_long> {
+/// 
+/// This function allows to access arbitrary data in the traced process
+/// and may crash the inferior if used incorrectly and is thus marked `unsafe`.
+pub unsafe fn peekdata(pid: Pid, addr: c_long) -> Result<c_long> {
     ptrace(ptrace::PTRACE_PEEKDATA, pid, addr as *mut c_void, ptr::null_mut())
 }
 
 /// Makes the `PTRACE_PEEKDATA` request to ptrace
-pub fn pokedata(pid: Pid, addr: c_long, val: c_long) -> Result<()> {
+///
+/// This function allows to access arbitrary data in the traced process
+/// and may crash the inferior or introduce race conditions if used 
+/// incorrectly and is thus marked `unsafe`.
+pub unsafe fn pokedata(pid: Pid, addr: c_long, val: c_long) -> Result<()> {
     ptrace(
         ptrace::PTRACE_POKEDATA,
         pid,
