Bugtraq mailing list archives
strace can lie
From: Misha_Dankov () F9 N5037 Z2 FIDONET ORG (Misha Dankov)
Date: Tue, 28 Dec 1999 12:51:32 +0300
Hello, all!
Any ideas how to get rid of this problem? It is nasty. It is very nasty and makes strace unusable for anything security-sensitive.
dM> Unfortunately, as long as the information is fetched from dM> userland by userland via ptrace, with an opportunity for it to dM> change before the kernel uses it, there is no hope for dM> eliminating the race. dM> If you really feel ambitious, you could try to make Linux support dM> ktrace. :-) I beleive there is a workaround: one can assign RealTime Scheduler to debugger process (sched_setscheduler (strace_pid, SCHED_FIFO, p)) so it will preempt any of processess being debugged. Of course, scheduling priority of strace should be higher than one of process if process works under RT scheduler too. SY, Misha. [Linux Unregistered User]
Current thread:
- strace can lie Pavel Machek (Dec 25)
- Re: strace can lie Sampo Savolainen (Dec 28)
- Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K Ussr Labs (Dec 28)
- <Possible follow-ups>
- Re: strace can lie der Mouse (Dec 27)
- strace can lie Misha Dankov (Dec 28)