On Wed, Jul 10, 2013 at 12:22 AM, Jan Stary <[email protected]> wrote:
> On Jul 09 19:43:49, [email protected] wrote:
>> On 2013-07-09, Jan Stary <[email protected]> wrote:
>> > So the last thing in the kdump is the sucessfull call
>> > to the (eventually) found 'xterm'. Why is that?
>>
>> This is probably because of the setgid bit.
>
> Is this intended? Should ktrace stop tracing
> a child that has setgid set?
Yep, that's intended, because continuing to trace would be a security
hole. The alternative would be to ignore the setgid/setuid bits, like
a ptrace(2)'d process does, but in my experience that's more
frustrating. I know I've wasted a couple hours of my life trying to
figure out running a complicated set of program under strace on a
Linux system made them change behavior, on to finally realize that a
setuid bit was being ignored 20 execve's into the setup...
> Should ktrace(1) mention it?
Meh. ktrace(1) says "See Also" ktrace(2), which starts:
The ktrace() function enables or disables tracing of one or more
processes. Users may only trace their own processes. Only the superuser
can trace setuid or setgid programs.
>> You could try "sudo ktrace -i xterm"...
>
> It's long:
>
> http://stare.cz/~hans/.tmp/ktrace.out
> http://stare.cz/~hans/.tmp/kdump.txt
...
> So luit seems to just exit normally,
> for some reason. Sometimes.
Looks like a race in luit's startup, due to how it handles the
ttys/ptys. To work around the problem, invoke it with the -p
option...but I don't know how you can convince xterm to do that.
Philip Guenther
