On 20 Oct 2008, at 14:08, Glenn Fowler wrote:
>
> can you truss the bad machine to see the tr read and write calls
>
It isn't very illuminating I'm afraid:
bash-3.2$ truss -a -f -texecve,read,write sh /home/cjr/od.sh
19933: execve("/usr/bin/i86/ksh93", 0x0804798C, 0x08047998) argc = 2
19933: argv: sh /home/cjr/od.sh
19933: read(10, " # ! / b i n / s h\n t y".., 8192) = 63
19933: read(10, 0x080736A0, 8192) = 0
echo is a shell builtin
tr is a tracked alias for /usr/bin/tr
od is a tracked alias for /usr/bin/od
19933: write(1, " e c h o i s a s h".., 100) = 100
19934: write(1, " A\n", 2) = 2
19933: Received signal #18, SIGCLD [caught]
19933: siginfo: SIGCLD CLD_EXITED pid=19934 status=0x0000
19936: execve("/usr/bin/tr", 0x080675A8, 0x08067658) argc = 3
19936: argv: tr A \301
19933: execve("/usr/bin/od", 0x08067610, 0x08067658) argc = 2
19933: argv: od -c
19936: read(0, " A\n", 5120) = 2
19936: read(0, 0x08169B14, 5120) = 0
19936: write(1, " A\n", 2) = 2
19933: read(0, " A\n", 5120) = 2
19933: read(0, 0x08067B5C, 5120) = 0
000000019933: write(1, " 0 0 0 0 0 0 0", 7) = 7
A \n
19933: write(1, " A \ n\n", 9) = 9
000000219933: write(1, " 0 0 0 0 0 0 2", 7) = 7
19933: write(1, "\n", 1) = 1
I've removed the searches along $PATH just for brevity. Is there any
dtruss wizardry to get exactly what bytes are being sent in argv[2] to
tr? (I'm suspicious of those single quotes/naked backslash.)
Cheers,
Chris
