Vulnerability Development mailing list archives
Re: Capturing System Calls
From: tgarris () FRAMELOSS ORG (Todd Garrison)
Date: Thu, 22 Jun 2000 18:56:30 -0600
You can get *a lot* of information in Linux from the /proc filesystem... (FreeBSD isn't quite as revealing. - I don't have any Solaris around 'til tomorrow - can someone else see what a Sun will give up?)

There was another utility that watches open file descriptors, but I can't seem to remember what it was called (it's damned useful too - works just like ps).

For example, here is named running on a RH6 machine I have.
Just cd into /proc/<process_id>/
Example ala script :)

[root@digirati 22314]# ls -l
total 0
-r--r--r-- 1 root root 0 Jun 22 18:42 cmdline
lrwx------ 1 root root 0 Jun 22 18:42 cwd -> /var/named
-r-------- 1 root root 0 Jun 22 18:42 environ
lrwx------ 1 root root 0 Jun 22 18:42 exe -> /usr/sbin/named
dr-x------ 2 root root 0 Jun 22 18:42 fd
pr--r--r-- 1 root root 0 Jun 22 18:42 maps
-rw------- 1 root root 0 Jun 22 18:42 mem
lrwx------ 1 root root 0 Jun 22 18:42 root -> /
-r--r--r-- 1 root root 0 Jun 22 18:42 stat
-r--r--r-- 1 root root 0 Jun 22 18:42 statm
-r--r--r-- 1 root root 0 Jun 22 18:42 status

[root@digirati 22314]# more cmdline
/usr/sbin/named

[root@digirati 22314]# more environ
USERNAME=root^@ENV=/root/.bashrc^@HISTSIZE=1000^@HOSTNAME=digirati^@LOGNAME=root^@HISTFILESIZE=1000^@MAIL=/var/spool/mail/root^@TERM=xter
m^@HOSTTYPE=i386^@PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin^@HOME=/root^@INPUTRC=/e
tc/inputrc^@SHELL=/bin/bash^@USER=root^@OSTYPE=Linux^@_=/usr/sbin/named^@SHLVL=2

[root@digirati 22314]# ls -l fd
total 0
lrwx------ 1 root root 64 Jun 22 18:42 0 -> /dev/null
lrwx------ 1 root root 64 Jun 22 18:42 1 -> /dev/null
lrwx------ 1 root root 64 Jun 22 18:42 2 -> /dev/null
lrwx------ 1 root root 64 Jun 22 18:42 20 -> socket:[254824]
lrwx------ 1 root root 64 Jun 22 18:42 21 -> socket:[254825]
lrwx------ 1 root root 64 Jun 22 18:42 22 -> socket:[254826]
lrwx------ 1 root root 64 Jun 22 18:42 23 -> socket:[254827]
lrwx------ 1 root root 64 Jun 22 18:42 24 -> socket:[254828]
lrwx------ 1 root root 64 Jun 22 18:42 25 -> socket:[254829]
lrwx------ 1 root root 64 Jun 22 18:42 26 -> socket:[254830]
lrwx------ 1 root root 64 Jun 22 18:42 27 -> socket:[254831]
lrwx------ 1 root root 64 Jun 22 18:42 28 -> socket:[254832]
lrwx------ 1 root root 64 Jun 22 18:42 29 -> socket:[254833]
lrwx------ 1 root root 64 Jun 22 18:42 3 -> socket:[254817]
lrwx------ 1 root root 64 Jun 22 18:42 4 -> socket:[254834]
lrwx------ 1 root root 64 Jun 22 18:42 5 -> socket:[254820]

[root@digirati 22314]# more maps
08048000-080c1000 r-xp 00000000 03:01 143493 /usr/sbin/named
080c1000-080c6000 rw-p 00078000 03:01 143493 /usr/sbin/named
080c6000-08116000 rwxp 00000000 00:00 0
40000000-40012000 r-xp 00000000 03:01 30722 /lib/ld-2.1.1.so
40012000-40013000 rw-p 00011000 03:01 30722 /lib/ld-2.1.1.so
40013000-40014000 rwxp 00000000 00:00 0
40017000-400fd000 r-xp 00000000 03:01 30729 /lib/libc-2.1.1.so
400fd000-40102000 rw-p 000e5000 03:01 30729 /lib/libc-2.1.1.so
40102000-401a8000 rw-p 00000000 00:00 0
bfffb000-c0000000 rwxp ffffc000 00:00 0

[root@digirati 22314]# more status
Name: named
State: S (sleeping)
Pid: 22314
PPid: 1
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 32
Groups: 0 1 2 3 4 6 10
VmSize: 2528 kB
VmLck: 0 kB
VmRSS: 1536 kB
VmData: 988 kB
VmStk: 20 kB
VmExe: 484 kB
VmLib: 992 kB
SigPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000009015a0b
CapInh: 00000000fffffeff
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff
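
Added example, not part of the original post: a small Python audit of the maps and status output quoted above, reporting the effective UID, the decoded CapEff mask and any mappings that are both writable and executable. The function names are this example's own, and the capability names follow the current <linux/capability.h> bit order, which is an assumption for a kernel of the post's era.

```python
# Capability bit positions 0-31, names from <linux/capability.h> (assumed order).
CAP_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
             "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
             "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
             "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
             "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP").split()

# Sample input copied from the named process shown in the post above.
SAMPLE_MAPS = """\
08048000-080c1000 r-xp 00000000 03:01 143493 /usr/sbin/named
080c1000-080c6000 rw-p 00078000 03:01 143493 /usr/sbin/named
080c6000-08116000 rwxp 00000000 00:00 0
40000000-40012000 r-xp 00000000 03:01 30722 /lib/ld-2.1.1.so
40012000-40013000 rw-p 00011000 03:01 30722 /lib/ld-2.1.1.so
40013000-40014000 rwxp 00000000 00:00 0
40017000-400fd000 r-xp 00000000 03:01 30729 /lib/libc-2.1.1.so
400fd000-40102000 rw-p 000e5000 03:01 30729 /lib/libc-2.1.1.so
40102000-401a8000 rw-p 00000000 00:00 0
bfffb000-c0000000 rwxp ffffc000 00:00 0
"""
SAMPLE_STATUS = "Name: named\nUid: 0 0 0 0\nCapEff: 00000000fffffeff\n"

def wx_regions(maps_text):
    """Return (start, end, path) for mappings that are writable AND executable."""
    hits = []
    for line in maps_text.splitlines():
        f = line.split(None, 5)  # range, perms, offset, dev, inode[, path]
        if len(f) >= 5 and "w" in f[1] and "x" in f[1]:
            start, end = (int(a, 16) for a in f[0].split("-"))
            hits.append((start, end, f[5] if len(f) > 5 else "[anonymous]"))
    return hits

def status_fields(status_text):
    """Parse the 'Key: value' lines of /proc/<pid>/status into a dict."""
    return {k: v.strip() for k, v in
            (l.split(":", 1) for l in status_text.splitlines() if ":" in l)}

def held_caps(mask_hex):
    """Decode a CapEff/CapPrm/CapInh hex mask into capability names."""
    mask = int(mask_hex, 16)
    return [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]

def audit(maps_text, status_text):
    st = status_fields(status_text)
    return {"euid": int(st["Uid"].split()[1]),  # Uid: real effective saved fs
            "caps": held_caps(st["CapEff"]),
            "wx": wx_regions(maps_text)}

if __name__ == "__main__":
    print(audit(SAMPLE_MAPS, SAMPLE_STATUS))
```

To audit a live process, pass the contents of /proc/<pid>/maps and /proc/<pid>/status to audit() instead of the sample strings.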