HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Secure OS Software for Linux
Showing results for 
Search instead for 
Did you mean: 

strace under mcga??

Kevin Swift
Occasional Contributor

strace under mcga??

I was trying to wrap a cgi binary with a script that calls strace ie. replace the binary with a script like so.


/usr/bin/strace -o /tmp/output /path/to/renamed/binary

All I get in the strace log is

execve("/path/to/renamed/binary", ["/path/to/renamed/binary"], [/* 32 vars */]) = 0

Anyone know how to set this up correctly?

The wrap works fine if you run it from a shell in the mcga compartment.


Ron Vladick

Re: strace under mcga??


I have reproduced your problem and made a bit of headway but I still am not able to get strace to work as a wrapper or in a cgi.

The first issue was that strace was having a permission problem with a sealed compartment of mcga, so I modified the /etc/tlinux/init/startup and commented out the sealed section, and restarted the mcga.

After that I straced the mcga process, to see if there were any more permission type problems. This is where I am stuck, strace gave me a -l ENOSYS when trying to execve the strace command. See strace snippet at bottom.

I am not sure if the chroot environment is sufficient for strace to run inside of the mcga or if this is a security/permisions issue.

My cgi was very simple wrapper for /bin/ls

Here is a section of the strace info for mcga:

1113 execve("/usr/bin/strace",["/usr/bin/strace","-o","/tmp/ls.out",
"/bin/ls","-l"],[/* 29 vars */])=-1 ENOSYS(Function not implemented)

1113 execve(0x80d0fcc, [0x80d2bcc], [/* 0 vars */]) = -1 ENOSYS(Function not implemented)

Dan Am
Frequent Advisor

Re: strace under mcga??

As an aside, maybe you could try the HP-LX way and use aud_write(3) to collect your information. Provided you have access to the source of your binary.
do what you can. don't if you can't.