- Apport, - Ubuntu
- Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 - Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 - Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 - Apport: Ubuntu 16.04 - Before 2.20.1-0ubuntu2.30
Apport checks if the process was replaced after the crash by comparing between two variables, apport_start and process_start.
process_start gets the start time of the process by parsing the content of /proc/pid/stat file.
The start time is extracted from the 22 column of the /proc/pid/stat file.
def get_starttime(contents):
'''Extracts the starttime from the contents of a stat file'''
# 22nd field in a stat file is the time the process started after
# system boot in clock ticks.
return int(contents.split()[21])
We are able to bypass this check by recycle the pid with a process with “ “(space) in its filename, causing process_start to have the wrong value (which is smaller than apport_start).