I'm working with a modified version of strace to collect some information on the long term behaviors of process trees and file system accesses. I've got it logging data on a couple of different systems, some of which I do not have root access to. Each of the users of the system spawns an strace process which then traces all of their shell activity.
However, since this is a long term tracing project, users will need to run setuid or setgid executables from time to time. Rather than dropping those bits silently (since strace is running as non-root), and breaking functionality, I'd like to detect that the child process is doing setuid, and detach from it, logging a message that there was an untraced child process. Can you point me at the area of the code where the setuid bits on child processes are handled? I'm assuming it's somewhere around startup_child(), but I'm not spotting it. --apw ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Strace-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/strace-devel
