ptrace problem - confounded, dazed and confused at the inconsistencies
shimi
linux-il at shimi.net
Wed Oct 27 15:38:14 IST 2010
On Wed, Oct 27, 2010 at 2:07 PM, Shachar Shemesh <shachar at shemesh.biz>wrote:
>
> For threads, there is a strange set of events taking place. Both for strace
> and for fakeroot-ng, the clone system call gets modified. For both, the new
> thread created has the same debugger as the parent. For strace, the debugger
> runs "wait", receives the child's pid, and handles it accordingly. For
> fakeroot-ng, "wait" never reports the child.
>
> Running strace on the debugger shows that the exact same ptrace commands
> are sent. I will happily send them to anyone who wishes to have a look.
>
> How can two programs do the same thing on the same system, and yet get such
> different results?
>
>
Not that I am an expert in this (I wouldn't even say I am novice ;) just a
simple many-years-strace-user...), I am really guessing here and may be
saying complete nonsense :)
...But perhaprs it's related to the fact that in your implementation they
(the tracer and the tracee) both run on different UIDs (with the tracing
process trying to trace a process that runs by a different user [which btw
is 'more powerful']) and that's sort of a security feature?
-- Shimi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20101027/b5938014/attachment.html>
More information about the Linux-il
mailing list