[13186] in bugtraq

Re: strace can lie

daemon@ATHENA.MIT.EDU (Pavel Machek)
Sun Jan 2 15:43:44 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000101212617.A257@bug.ucw.cz>
Date:         Sat, 1 Jan 2000 21:26:17 +0100
Reply-To: Pavel Machek <pavel@UCW.CZ>
From: Pavel Machek <pavel@UCW.CZ>
X-To:         Scott Michel <scottm@aero.org>, Pavel Machek <pavel@SUSE.CZ>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.9912291016510.14403-100000@springbok.aero.org>;
              from Scott Michel on Wed, Dec 29, 1999 at 10:18:11AM -0800

Hi!

> > When you see a snippet from strace that says:
> >
> > open("/etc/passwd", O_RDONLY)           = 3
> >
> > Do you trust it? You should not.
>
> I'm not sure what your point is, really. strace shows that /etc/passwd
> got opened successfully and returned file descriptor 3. If the open()
> failed, you'd see -1 as the return value.

I'm pointing out that the application could have _any other_ file
opened. The name is not to be trusted because it could have changed
between strace printing it and the kernel doing the syscall.

> What's deceptive about strace?

That it is not safe w.r.t. races.

--
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at discuss@linmodems.org
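
An added example, not part of the message above or of strace: one way to check a logged open() line is to ask the kernel what the returned descriptor refers to instead of trusting the printed name. It assumes Linux with /proc mounted; the function names and the /dev/null scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>

/* Kernel's own name for descriptor `fd` of process `pid`, read from
 * /proc/<pid>/fd/<fd>. Returns 0 on success, -1 on error. */
int fd_real_path(pid_t pid, int fd, char *out, size_t outlen)
{
    char link[64];
    snprintf(link, sizeof link, "/proc/%ld/fd/%d", (long)pid, fd);
    ssize_t n = readlink(link, out, outlen - 1);
    if (n < 0)
        return -1;
    out[n] = '\0';
    return 0;
}

/* 1 if the descriptor is the same file (device + inode) that
 * `logged_path` names now, 0 if it is a different file, -1 on error. */
int fd_matches_logged_path(pid_t pid, int fd, const char *logged_path)
{
    char link[64];
    struct stat by_fd, by_name;
    snprintf(link, sizeof link, "/proc/%ld/fd/%d", (long)pid, fd);
    /* stat() on the /proc link follows it to the open file itself. */
    if (stat(link, &by_fd) != 0 || stat(logged_path, &by_name) != 0)
        return -1;
    return by_fd.st_dev == by_name.st_dev && by_fd.st_ino == by_name.st_ino;
}

/* Constructed scenario: the log claims "/etc/passwd", but the
 * descriptor actually refers to /dev/null. */
int main(void)
{
    char real[4096];
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0 || fd_real_path(getpid(), fd, real, sizeof real) != 0)
        return 1;
    printf("logged: /etc/passwd  kernel: %s  match: %d\n",
           real, fd_matches_logged_path(getpid(), fd, "/etc/passwd"));
    close(fd);
    return 0;
}
```

The answer describes the descriptor at the moment of the check, so it has to be taken while the traced process still holds that descriptor open.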
