|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: strace can lie
Subject: Re: strace can lie
From: Pavel Machek (pavel
SUSE.CZ)
Date: Tue Dec 28 1999 - 16:18:20 CST
- Next message: Pavel Machek: "Re: strace can lie"
- Previous message: Justin Tripp: "HP's Security Bulletins Digest (fwd)"
- Next in thread: Pavel Machek: "Re: strace can lie"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi!
> >> Any ideas how to get rid of this problem? It is nasty. It is
> >> very nasty and makes strace unusable for anything
> >> security-sensitive.
>
> dM> Unfortunately, as long as the information is fetched from
> dM> userland by userland via ptrace, with an opportunity for it to
> dM> change before the kernel uses it, there is no hope for
> dM> eliminating the race.
>
> dM> If you really feel ambitious, you could try to make Linux support
> dM> ktrace. :-)
>
> I beleive there is a workaround: one can assign RealTime Scheduler to
> debugger process (sched_setscheduler (strace_pid, SCHED_FIFO, p)) so it will
> preempt any of processess being debugged. Of course, scheduling priority of
> strace should be higher than one of process if process works under RT
> scheduler too.
That will not work on SMP machine, and it will not be reliable on UP,
either (what if you hit pagefault? what if tracer accesses filesystem
and sleeps?).
Pavel
-- I'm pavel
- Next message: Pavel Machek: "Re: strace can lie"
- Previous message: Justin Tripp: "HP's Security Bulletins Digest (fwd)"
- Next in thread: Pavel Machek: "Re: strace can lie"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Sun Jan 02 2000 - 14:20:50 CST