Secure OS Software for Linux
cancel
Showing results for 
Search instead for 
Did you mean: 

strace under mcga??

Kevin Swift
Occasional Contributor

strace under mcga??

I was trying to wrap a cgi binary with a script that calls strace ie. replace the binary with a script like so.

#!/bin/bash

/usr/bin/strace -o /tmp/output /path/to/renamed/binary


All I get in the strace log is

execve("/path/to/renamed/binary", ["/path/to/renamed/binary"], [/* 32 vars */]) = 0


Anyone know how to set this up correctly?

The wrap works fine if you run it from a shell in the mcga compartment.


Thanks,


Kevin
2 REPLIES
Ron Vladick
Advisor

Re: strace under mcga??

Kevin,

I have reproduced your problem and made a bit of headway but I still am not able to get strace to work as a wrapper or in a cgi.

The first issue was that strace was having a permission problem with a sealed compartment of mcga, so I modified the /etc/tlinux/init/startup and commented out the sealed section, and restarted the mcga.

After that I straced the mcga process, to see if there were any more permission type problems. This is where I am stuck, strace gave me a -l ENOSYS when trying to execve the strace command. See strace snippet at bottom.

I am not sure if the chroot environment is sufficient for strace to run inside of the mcga or if this is a security/permisions issue.

My cgi was very simple wrapper for /bin/ls

Here is a section of the strace info for mcga:

1113 execve("/usr/bin/strace",["/usr/bin/strace","-o","/tmp/ls.out",
"/bin/ls","-l"],[/* 29 vars */])=-1 ENOSYS(Function not implemented)

1113 execve(0x80d0fcc, [0x80d2bcc], [/* 0 vars */]) = -1 ENOSYS(Function not implemented)

Dan Am
Frequent Advisor

Re: strace under mcga??

As an aside, maybe you could try the HP-LX way and use aud_write(3) to collect your information. Provided you have access to the source of your binary.
do what you can. don't if you can't.