tracing system calls
Brent Callaghan
brent%terra at Sun.COM
Tue Sep 6 02:41:52 AEST 1988
In article <7460 at bigtex.uucp>, james at bigtex.uucp (James Van Artsdalen) writes:
>
> > $ trace date
>
> I count 8 closes, 6 mmaps, 5 opens, 3 reads, 2 munmaps, 1 write...
>
> What on earth does all of this have to do with printing the date and
> time??? getgid? ioctl? That's 36 system calls.
Most of the system calls in this example are taking care of the
mapping in of the shared libraries. The overhead is the same
for any dynamically linked process - it just looks top-heavy for
a program like "date". It's the classical time/space tradeoff:
it takes a little longer to get to the gettimeofday() but date
has a much smaller executable, uses the latest version of the
C library, and shares the same C library code as all the other
resident processes.
> I am curious about implementation though: if it will display
> the data for write(2) it would seem a security hole unless disabled
> for suid processes.
You're right. You can't trace suid processes unless you are
also superuser. The trace command is bound by the restrictions
already on the ptrace() system call. A suid program will run but
it won't have any of its suid-ness. Neither can you trace other
people's processes - they must be yours.
Made in New Zealand --> Brent Callaghan @ Sun Microsystems
uucp: sun!bcallaghan
phone: (415) 336 6188
More information about the Comp.unix.wizards
mailing list