Re: debugging/tracing a setuid program

To: tech-userlevel%netbsd.org@localhost
Subject: Re: debugging/tracing a setuid program
From: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Date: Fri, 5 May 2023 18:39:36 +0000

On Fri, May 05, 2023 at 08:29:41PM +0200, Edgar Fuß wrote:
> > (a) I'd say it shouldn't stop ktracing
> I suspect it stops as soon as sudo calls setuid.

I have been using it for years like Der Mouse suggested:

$ su
# ktrace -di su -l manu
$ sudo apachectl graceful

The full trace is recorded:
 28256      1 sudo     CALL  setuid(0)
 28256      1 sudo     RET   setuid 0
 28256      1 sudo     CALL  setreuid(0xffffffff,0)
 28256      1 sudo     RET   setreuid 0
 28256      1 sudo     CALL  setregid(0xffffffff,0xffffffff)
 28256      1 sudo     RET   setregid 0
 28256      1 sudo     CALL  mmap(0,0x6000,PROT_READ|PROT_WRITE,0x1002<PRIVATE,A
NONYMOUS,ALIGN=NONE>,0xffffffff,0,0,0)
 28256      1 sudo     RET   mmap -1163366400/0xbaa87000
 28256      1 sudo     CALL  ioctl(8,TIOCGETA,0xbf7fced0)


-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost

References:
- debugging/tracing a setuid program
  - From: Edgar Fuß
- Re: debugging/tracing a setuid program
  - From: Mouse
- Re: debugging/tracing a setuid program
  - From: Edgar Fuß
- Re: debugging/tracing a setuid program
  - From: Mouse
- Re: debugging/tracing a setuid program
  - From: Edgar Fuß

Prev by Date: Re: debugging/tracing a setuid program
Next by Date: Re: debugging/tracing a setuid program
Previous by Thread: Re: debugging/tracing a setuid program
Next by Thread: Re: debugging/tracing a setuid program
Indexes:

Home | Main Index | Thread Index | Old Index