tracing system calls
Michael I. Bushnell
mike at turing.unm.edu
Sun Sep 4 18:53:42 AEST 1988
In article <7460 at bigtex.uucp> james at bigtex.UUCP (James Van Artsdalen) writes:
>
>I don't want to flame Sun over trace though: that is incredibly
>useful. I am curious about implementation though: if it will display
>the data for write(2) it would seem a security hole unless disabled
>for suid processes. Is there any possible way to write a similar
>program under SysVr3 without kernel modifications?
Trace(1) is undoubtedly done using ptrace(2) in combination with an
option added by SUN that stops the process upon execution of and upon return
from system calls. If you don't modify your kernel to have this feature,
then trace(1) becomes a matter of tracing entry points to the C library...
that will find system calls executed the "normal" way, but not freaky things
like people writing code (on the fly) into their data segment and then
executing it.
And, since it probably uses ptrace(2), setuid is ignored for the process.
--
N u m q u a m G l o r i a D e o
Michael I. Bushnell
HASA - "A" division
mike at turing.unm.edu
{ucbvax,gatech}!unmvax!turing.unm.edu!mike
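
The mechanism this reply describes, a tracer that stops its child at each system call entry and return, as an added example that is not part of the original post. It uses Linux's `PTRACE_SYSCALL` request rather than the Sun option, assumes x86-64 or AArch64, and `syscall_nr`, `trace_getppid` and the getppid workload are illustrative names.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* System call number of a stopped tracee (assumes x86-64 or AArch64 Linux). */
static long syscall_nr(pid_t pid) {
    struct user_regs_struct regs;
    struct iovec iov = { &regs, sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_PRSTATUS, &iov) == -1) return -1;
#if defined(__x86_64__)
    return (long)regs.orig_rax;
#else
    return (long)regs.regs[8];               /* AArch64 passes it in x8 */
#endif
}

/* Count entry/return stops for getppid() in a child that calls it n times. */
int trace_getppid(int n, int *entries, int *exits) {
    int status, in_call = 0;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {                          /* child: the constructed workload */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0) raise(SIGSTOP);
        for (int i = 0; i < n; i++) syscall(SYS_getppid);
        _exit(0);
    }
    *entries = *exits = 0;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (long sig = 0;;) {                   /* run to the next entry or return */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)sig) == -1 ||
            waitpid(pid, &status, 0) == -1) { kill(pid, SIGKILL); return -1; }
        if (!WIFSTOPPED(status)) return 0;   /* child exited */
        sig = WSTOPSIG(status) == (SIGTRAP | 0x80) ? 0 : WSTOPSIG(status);
        if (sig) continue;                   /* ordinary signal: pass it on */
        in_call = !in_call;                  /* stops alternate: entry, return */
        if (syscall_nr(pid) == SYS_getppid) ++*(in_call ? entries : exits);
    }
}

int main(void) {
    int in = 0, out = 0, rc = trace_getppid(3, &in, &out);
    printf("rc=%d getppid entry stops=%d return stops=%d\n", rc, in, out);
    return rc != 0;
}
```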