[Systrace] Odd Behavior under Debian Linux
marius aamodt eriksen
marius at monkey.org
Thu Jan 15 14:27:16 EST 2004
* jimd at starshine.org <jimd at starshine.org> [040115 13:04]:
> Then I used apt-get -f install systrace ("unstable")
> (Version: 1:20030623-3)
there is a bug that appears in linux that is fixed in the latest
version of the snapshot (on the webpage). what happened is that linux
added more system calls in .24; so systrace's system call table became
too small, causing systrace to segfault, and subsequently the kernel
to kill the user application (which is what it is supposed to do).
i'd suggest trying the latest snapshot.
> The really odd part is that it seems like I CAN run any of these
> commands under strace systrace! In other words, if I use a command
> like:
>
> strace -o /dev/null systrace /bin/ls ...
>
> ... it works! (But maybe the systrace isn't actually working?)
in this scenario, systrace is not working... strace changes the
syscall path and bypasses systrace. it seems that the latest patch
(1.4) does not intercept this path, which seems to be an accident on
my part; i will change this later today (i have a few other changes as
well, justifying v 1.5).
> (BTW: my Debian box had "snoopy" installed --- that's a
> little shared object/library that is put in /etc/ld.so.preload to log
> every execution of any binary on the system. However, I removed that
> /etc/ld.so.preload file for testing).
coincidentally, i am also the author of snoopy :-) this tool will not
affect systrace in any way.
marius.
--
marius a eriksen <marius at monkey.org> | http://monkey.org/~marius/
More information about the systrace
mailing list