ptrace problem - confounded, dazed and confused at the inconsistencies
Shachar Shemesh
shachar at shemesh.biz
Wed Oct 27 14:07:02 IST 2010
Hi all,

I know that whoever so much as types "man ptrace" is stepping into uncharted
territory, that I should abandon hope all ye who enter here, etc.

Background - I am maintainer and author of an open source program called
"fakeroot-ng"[1]. This program uses the ptrace interface in order to
fool programs running into thinking they are running as the root user.
Part of the magic needs to be able to continue tracing processes,
even after they spawn new processes, threads, etc.

There is a small utility that I hope most of you know (and if you don't,
install and read its manual now. It is on the must know list) called
"strace". It runs a process through the ptrace interface, dumping to the
screen or a file all system calls that said process is performing. If
the "-f" flag is given to strace, it, too, will try to keep child
processes and threads under its control. Being the unoriginal bloke that
I am, I shamelessly and without remorse copied strace's way of doing
this into fakeroot-ng.

In a nutshell, all "forks" and other forms are mapped into a call to the
"clone" system call. The flag "CLONE_PTRACE" is added to the call. As a
result, the kernel is certain that the process asked it to attach the
parent's debugger to the child. For processes, this works beautifully,
both for fakeroot-ng and for strace.

For threads, there is a strange set of events taking place. Both for
strace and for fakeroot-ng, the clone system call gets modified. For
both, the new thread created has the same debugger as the parent. For
strace, the debugger runs "wait", receives the child's pid, and handles
it accordingly. For fakeroot-ng, "wait" never reports the child.

Running strace on the debugger shows that the exact same ptrace commands
are sent. I will happily send them to anyone who wishes to have a look.

How can two programs do the same thing on the same system, and yet get
such different results?

Shachar

[1] http://fakeroot-ng.lingnu.com
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
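
An added example, not part of the original post and not code from fakeroot-ng or strace: a minimal Linux tracer that follows a thread created with clone() and checks that wait reports it under the tid the kernel announced. It swaps in PTRACE_O_TRACECLONE for the CLONE_PTRACE flag rewriting the post describes, and passes __WALL to waitpid so that tasks whose exit signal is not SIGCHLD are reported. The names worker, tracee and trace_thread_creation are hypothetical.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

static char stack[64 * 1024] __attribute__((aligned(16))); /* constructed thread stack */
static volatile int done;
static int worker(void *arg) { (void)arg; done = 1; return 0; }

/* Tracee: request tracing, stop so the tracer can set options, clone one thread. */
static void tracee(void) {
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
    raise(SIGSTOP);
    if (clone(worker, stack + sizeof stack, CLONE_VM | CLONE_FS | CLONE_FILES |
              CLONE_SIGHAND | CLONE_THREAD, NULL) < 0) _exit(1);
    while (!done) usleep(1000);          /* wait until the thread has run */
    _exit(0);
}

/* Returns 2 when wait() reported the new thread under the tid announced at the
 * clone event, 1 if only the thread-group leader was seen, -1 on error. */
int trace_thread_creation(void) {
    int status, sig;
    unsigned long announced = 0;
    pid_t pid, reported = 0, child = fork();
    if (child < 0) return -1;
    if (child == 0) tracee();
    if (waitpid(child, &status, 0) != child || !WIFSTOPPED(status)) return -1;
    if (ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)(long)PTRACE_O_TRACECLONE) < 0)
        { kill(child, SIGKILL); return -1; }
    ptrace(PTRACE_CONT, child, NULL, NULL);
    /* __WALL: also report tasks whose exit signal is not SIGCHLD (threads). */
    while ((pid = waitpid(-1, &status, __WALL)) > 0) {
        if (!WIFSTOPPED(status)) continue;            /* task exited or was killed */
        sig = WSTOPSIG(status);
        if (status >> 8 == (SIGTRAP | (PTRACE_EVENT_CLONE << 8))) {
            ptrace(PTRACE_GETEVENTMSG, pid, NULL, &announced); /* new task's tid */
            sig = 0;
        } else if (pid != child && sig == SIGSTOP) {  /* new thread's first stop */
            reported = pid;
            sig = 0;                                  /* do not deliver the SIGSTOP */
        }
        ptrace(PTRACE_CONT, pid, NULL, (void *)(long)sig);
    }
    return (reported != 0 && (pid_t)announced == reported) ? 2 : 1;
}

int main(void) { return trace_thread_creation() == 2 ? 0 : 1; }
```

The new thread's first stop and the leader's clone event can arrive in either order, which is why the loop records both and compares them only after every task has exited.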