Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: strace can lie
From: pavel () UCW CZ (Pavel Machek)
Date: Sat, 1 Jan 2000 21:26:17 +0100

Hi!


When you see snippet from strace, that says:

open("/etc/passwd", O_RDONLY)           = 3

Do you trust it? You should not.


I'm not sure what your point is, really. strace shows that /etc/passwd
got opened successfully and returned file descriptor 3. If the open()
failed, you'd see -1 as the return value.


I'm pointing out that application could have _any other_ file
opened. Name is not to be trusted because it could have changed
between strace printing it and kernel doing the syscall.
                                                        

What's deceptive about strace?


That it is not safe w.r.t. races.

--
I'm pavel () ucw cz  "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at discuss () linmodems org

  By Date           By Thread  

Current thread:
  • Re: strace can lie Pavel Machek (Dec 28)
    • <Possible follow-ups>
    • Re: strace can lie Pavel Machek (Jan 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]