[13118] in bugtraq
strace can lie
daemon@ATHENA.MIT.EDU (Misha Dankov)
Tue Dec 28 11:47:07 1999
Apparently-To: bugtraq@securityfocus.com
Message-Id: <946385523@f9.n5037.z2.fidonet>
Date: Tue, 28 Dec 1999 12:51:32 +0300
Reply-To: Misha Dankov <Misha_Dankov@F9.N5037.Z2.FIDONET.ORG>
From: Misha Dankov <Misha_Dankov@F9.N5037.Z2.FIDONET.ORG>
X-To: "bugtraq@securityfocus.com"
<bugtraq%securityfocus.com@p128.f9.n5037.z2.fidonet.org>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <2373240332@Twig.Rodents.Montreal.QC.CA>
Hello, all!
>> Any ideas how to get rid of this problem? It is nasty. It is
>> very nasty and makes strace unusable for anything
>> security-sensitive.
dM> Unfortunately, as long as the information is fetched from
dM> userland by userland via ptrace, with an opportunity for it to
dM> change before the kernel uses it, there is no hope for
dM> eliminating the race.
dM> If you really feel ambitious, you could try to make Linux support
dM> ktrace. :-)
I beleive there is a workaround: one can assign RealTime Scheduler to
debugger process (sched_setscheduler (strace_pid, SCHED_FIFO, p)) so it will
preempt any of processess being debugged. Of course, scheduling priority of
strace should be higher than one of process if process works under RT
scheduler too.
SY, Misha. [Linux Unregistered User]
