我有以下代码。它只是在进入无限循环之前调用 ptrace(PTRACE_TRACEME)。
我有两个问题:
执行二进制文件后,即使我是 root,我也无法附加 gdb。
使用
ptrace(PTRACE_TRACEME),我无法使用 Ctrl-C (SIGINT) 终止进程。它只是停止了。
谁能解释一下这是怎么回事?提前谢谢你。
PS:我知道大多数调试器会派生一个子进程,然后在 execve 之前调用 ptrace(PTRACE_TRACEME)。无需提醒我这一点。
#include <sys/ptrace.h>
#include <sys/reg.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
int main(int argc, char **argv) {
printf("my pid : %d\n", getpid());
ptrace(PTRACE_TRACEME);
while(1){
printf("euid : %d\n", geteuid());
sleep(2);
}
return 0;
}
最佳答案
after executing this binary, I can't attach gdb even if I am root.
来自 man ptrace:
ERRORS
EPERM The specified process cannot be traced. This could be because the parent has insufficient privileges (the required capability is CAP_SYS_PTRACE); non-root processes cannot trace processes that they cannot send signals to or those running set-user-ID/set- group-ID programs, for obvious reasons. Alternatively, the process may already be being traced, or be init(8) (PID 1).
with ptrace(PTRACE_TRACEME), I can't terminate the process with Ctrl-C (SIGINT). it simply stops.
来自 man ptrace:
DESCRIPTION
While being traced, the child will stop each time a signal is delivered, even if the signal is being ignored. (The exception is SIGKILL, which has its usual effect.) The parent will be notified at its next wait(2) and may inspect and modify the child process while it is stopped. The parent then causes the child to continue, optionally ignoring the delivered signal (or even delivering a different signal instead).
关于ptrace TRACEME调用的Linux效果,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24353329/