[Top] [All Lists]

strace on a linux/mips

Subject: strace on a linux/mips
From: "Gleb O. Raiko" <>
Date: Fri, 02 Apr 2004 13:41:58 +0400
Organization: NIISI RAN
Original-recipient: rfc822;

Strace can't follow fork on a linux/mips (on all kernels, mips, mips64,
o32, n32, etc).

When fork occurs, strace changes syscall number from fork to clone in v0
and sets CLONE_PTRACE in a0.
Unfortunately, a kernel forms an address of a syscall routine before
strace performs its dirty tricks. Thus, only thing strace can do is
playing with syscall routine's address via t2. It's not so useful
because strace doesn't know where a syscall table is in. Strace is still
able to change first 4 arguments, though.

BTW, opening t2 to the ptrace(2) interface isn't good thing too. I am
not sure I can gain root by pondering t2, but I'm sure it's a hole for a
DoS attack, at least. (For lazy people, a kernel restores t2 from the
stack and does jalr t2 after the process being traced is resumed.)

The solution is to repeat parsing syscall number (and number of
arguments) on return from syscall_trace.
Another solution is to call syscall_trace early, before parsing.

Have somebody got yet another idea?


<Prev in Thread] Current Thread [Next in Thread>
  • strace on a linux/mips, Gleb O. Raiko <=