Re: RFC: path display and path filtering features.

Fri, 18 Feb 2011 14:16:44 -0800 

On Fri, Feb 18, 2011 at 04:20:24PM +0000, Grant Edwards wrote:
[...]
>   if (s->sys_func == printargs ||
>       s->sys_func == sys_pipe  ||
>       s->sys_func == sys_pipe2  ||
>       s->sys_func == sys_eventfd2  ||
>       s->sys_func == sys_eventfd  ||
>       s->sys_func == sys_inotify_init1  ||
>       s->sys_func == sys_timerfd_create ||
>       s->sys_func == sys_timerfd_settime ||
>       s->sys_func == sys_timerfd_gettime)
>     {
>       // these have TRACE_FILE or TRACE_DESCRIPTOR set, but they don't
>       // have any file descriptor or path args to test
>       return 0;
>     }
> 
>   if (s->sys_func == sys_poll ||
>       s->sys_func == sys_ppoll  ||
>       s->sys_func == sys_select ||
>       s->sys_func == sys_oldselect  ||
>       s->sys_func == sys_pselect6)
>     {
>       // these have arguments that refer indirectly to file
>       // descriptors, and we need to add code to handle them.
>       return 0;
>     }
>     
> I'm going to work on checking the fd's referred in the args to the
> poll/select calls.

OK

> Are there other calls in that list that have
> path/fd arguments that should be tested?  

printargs is used to handle a few syscalls that have no individual
parsers yet.  Some of them have path/fd arguments that should be tested,
e.g. splice, sync_file_range, vmsplice.

> > The pathname passed to open(2) is a symlink, and /proc/<pid>/fd/<fd>
> > points to the canonicalized pathname, so -P /lib64/libc-2.11.3.so
> > won't catch this open(2) call now.
> 
> I can think of a couple options:
> 
>  1) Store both the canonical and "as-provided" versions of paths
>     passed to -P.

Agreed, it could be useful for absolute paths passed to -P.

>  2) Canonicalize the pathname passed to -P, and also canonicalize
>     path arguments when checking for a match. 

No, canonicalizing path arguments is unreliable, first of all because
of relative pathnames.


-- 
ldv

Attachment: pgpO7vPDbSIZA.pgp
Description: PGP signature

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Strace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/strace-devel

Reply via email to