Home page logo
/

bugtraq logo Bugtraq mailing list archives

strace can lie
From: Misha_Dankov () F9 N5037 Z2 FIDONET ORG (Misha Dankov)
Date: Tue, 28 Dec 1999 12:51:32 +0300


Hello, all!

Any ideas how to get rid of this problem?  It is nasty.  It is
very nasty and makes strace unusable for anything
security-sensitive.

 dM> Unfortunately, as long as the information is fetched from
 dM> userland by userland via ptrace, with an opportunity for it to
 dM> change before the kernel uses it, there is no hope for
 dM> eliminating the race.

 dM> If you really feel ambitious, you could try to make Linux support
 dM> ktrace. :-)

  I beleive there is a workaround: one can assign RealTime Scheduler to
debugger process (sched_setscheduler (strace_pid, SCHED_FIFO, p)) so it will
preempt any of processess being debugged. Of course, scheduling priority of
strace should be higher than one of process if process works under RT
scheduler too.

SY, Misha. [Linux Unregistered User]


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault