misc/140493: truss log file descriptor shared with traced program
Erik Lax
erik at datahack.se
Wed Nov 11 22:10:04 UTC 2009
>Number: 140493
>Category: misc
>Synopsis: truss log file descriptor shared with traced program
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 11 22:10:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Erik Lax
>Release: FreeBSD 7.2-RELEASE
>Organization:
>Environment:
FreeBSD freebsd.datahack.se 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 08:49:13 UTC 2009 root at walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
The truss -o log file descriptor is shared with the traced program when truss starts the program with vfork/execvp, for no obvious reason(?).
So it may play with your head when you are trying to debug a program if you are not aware of this!
As a security/technical problem this may affect badly written programs that expect a certain file descriptor to be opened at some target, causing the log file to be modified (by accident or evil...ftruncate).
>How-To-Repeat:
In one terminal
# truss -o /tmp/truss.log sleep 60
followed by .. in another terminal
# fstat | grep sleep
root sleep 37193 root / 2 drwxr-xr-x 512 r
root sleep 37193 wd / 45516 drwxr-xr-x 512 r
root sleep 37193 text / 46256 -r-xr-xr-x 5964 r
root sleep 37193 0 /dev 100 crw--w---- ttyp2 rw
root sleep 37193 1 /dev 100 crw--w---- ttyp2 rw
root sleep 37193 2 /dev 100 crw--w---- ttyp2 rw
root sleep 37193 3 /tmp 4 -rw-r--r-- 2278 w
File descriptor 3 is pointing at the log file provided by -o.
>Fix:
Close the file descriptor trussinfo->outfile after the vfork().
Suggested changes would be to either make setup_and_wait(char *command[]) (setup.c) also take the file descriptor that should be closed as an argument or close all file descriptors from fd#3 and above after the vfork().
>Release-Note:
>Audit-Trail:
>Unformatted:
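
The descriptor inheritance described in this report and the effect of the proposed fix can be checked with the following added example, which is not part of the original report and is not taken from the truss source. Assumptions: the names child_sees_logfd and enum mode are hypothetical, a temporary file stands in for the -o log, fork() is used in place of vfork(), and the FD_CLOEXEC variant is an alternative the report does not propose.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum mode { LEAK, CLOSE_IN_CHILD, CLOEXEC };

/* Returns 1 if the exec'd program can still use the tracer's log
 * descriptor, 0 if it cannot, -1 on setup error. */
int child_sees_logfd(enum mode m)
{
    char path[] = "/tmp/fdleak-demo.XXXXXX"; /* constructed stand-in for the -o file */
    int logfd = mkstemp(path);
    if (logfd < 0)
        return -1;
    unlink(path);
    if (logfd > 9) {            /* sh only guarantees single-digit ">&N" */
        close(logfd);
        return -1;
    }
    if (m == CLOEXEC)           /* alternative: kernel closes the fd at exec */
        fcntl(logfd, F_SETFD, FD_CLOEXEC);

    char cmd[16];               /* probe: dup the fd without writing to it */
    snprintf(cmd, sizeof cmd, ": >&%d", logfd);

    pid_t pid = fork();
    if (pid < 0) {
        close(logfd);
        return -1;
    }
    if (pid == 0) {
        if (m == CLOSE_IN_CHILD)
            close(logfd);       /* the fix proposed in the report */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);             /* exec itself failed */
    }
    int status;
    waitpid(pid, &status, 0);
    close(logfd);
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0; /* redirect succeeds only if fd is open */
}

int main(void)
{
    printf("inherited=%d closed-in-child=%d cloexec=%d\n", child_sees_logfd(LEAK),
           child_sees_logfd(CLOSE_IN_CHILD), child_sees_logfd(CLOEXEC));
    return 0;
}
```

In the two fixed modes the shell prints a "Bad file descriptor" style error on stderr, which is the expected sign that the traced program no longer holds the log descriptor.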