Re: strace can lie

Subject: Re: strace can lie
From: Pavel Machek (pavelUCW.CZ)
Date: Sat Jan 01 2000 - 14:26:17 CST

• Next message: John Archie: "Re: majordomo local exploit"
• Previous message: Pavel Machek: "Re: strace can lie"
• Maybe reply: Pavel Machek: "Re: strace can lie"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > When you see snippet from strace, that says:
> >
> > open("/etc/passwd", O_RDONLY) = 3
> >
> > Do you trust it? You should not.
>
> I'm not sure what your point is, really. strace shows that /etc/passwd
> got opened successfully and returned file descriptor 3. If the open()
> failed, you'd see -1 as the return value.

I'm pointing out that application could have _any other_ file
opened. Name is not to be trusted because it could have changed
between strace printing it and kernel doing the syscall.
                                                        
> What's deceptive about strace?

That it is not safe w.r.t. races.

--
I'm pavelucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at discusslinmodems.org

• Next message: John Archie: "Re: majordomo local exploit"
• Previous message: Pavel Machek: "Re: strace can lie"
• Maybe reply: Pavel Machek: "Re: strace can lie"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Sun Jan 02 2000 - 14:32:14 CST