strace can lie

From: Misha Dankov (Misha_Dankovat_private)
Date: Tue Dec 28 1999 - 01:51:32 PST

Next message: Ussr Labs: "Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT"

Previous message: Sampo Savolainen: "Re: strace can lie"
Next in thread: der Mouse: "Re: strace can lie"
Maybe reply: der Mouse: "Re: strace can lie"
Maybe reply: Sampo Savolainen: "Re: strace can lie"
Reply: Pavel Machek: "Re: strace can lie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, all!

 >> Any ideas how to get rid of this problem?  It is nasty.  It is
 >> very nasty and makes strace unusable for anything
 >> security-sensitive.

 dM> Unfortunately, as long as the information is fetched from
 dM> userland by userland via ptrace, with an opportunity for it to
 dM> change before the kernel uses it, there is no hope for
 dM> eliminating the race.

 dM> If you really feel ambitious, you could try to make Linux support
 dM> ktrace. :-)

  I beleive there is a workaround: one can assign RealTime Scheduler to
debugger process (sched_setscheduler (strace_pid, SCHED_FIFO, p)) so it will
preempt any of processess being debugged. Of course, scheduling priority of
strace should be higher than one of process if process works under RT
scheduler too.

SY, Misha. [Linux Unregistered User]

Next message: Ussr Labs: "Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT"
Previous message: Sampo Savolainen: "Re: strace can lie"
Next in thread: der Mouse: "Re: strace can lie"
Maybe reply: der Mouse: "Re: strace can lie"
Maybe reply: Sampo Savolainen: "Re: strace can lie"
Reply: Pavel Machek: "Re: strace can lie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:45 PDT