"truss" is buggy?
Dan Nelson
dnelson at allantgroup.com
Mon Dec 22 17:58:03 UTC 2008
In the last episode (Dec 22), Laszlo Nagy said:
> Apparently, the "truss" trace tool has a bug. At least I was told
> that the tracer program should not change the return value of the
> getppid() call inside the traced process. Here is an example program:
It looks like the ptrace() syscall is the problem:
DESCRIPTION
     The ptrace() system call provides tracing and debugging
     facilities.  It allows one process (the tracing process) to
     control another (the traced process).  The tracing process must
     first attach to the traced process, and then issue a series of
     ptrace() system calls to control the execution of the process, as
     well as access process memory and register state.  For the
     duration of the tracing session, the traced process will be
     ``re-parented'', with its parent process ID (and resulting
     behavior) changed to the tracing process.
I imagine that also explains why a truss'ed program will die if you
kill -9 the truss process. It looks like the "reset parent when
trussing" behaviour appeared back in 1996 (sys_process.s r1.21). The
fix would probably be to store the pid of the tracing process somewhere
other than p_ppid...
--
Dan Nelson
dnelson at allantgroup.com
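Added example, not part of the original message and not FreeBSD code: a small C program that lets you observe the re-parenting described in the man page excerpt above. The function name and the pipe-based handshake are assumptions of this sketch. Where ptrace() re-parents the tracee, "during" equals the tracer's pid; where the tracer is recorded separately from the parent pid (Linux, for example), it equals "before".

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
/* Constructed demo: caller = tracer, tracee's real parent = intermediate process.
 * Fills *before / *during with the tracee's getppid(); returns -1 on failure. */
int ppid_under_trace(pid_t *before, pid_t *during)
{
    int up[2], go[2], st, rc = 0;
    pid_t v[2] = {0, 0}, parent, child;
    if (pipe(up) == -1 || pipe(go) == -1 || (parent = fork()) == -1)
        return -1;
    if (parent == 0) {                       /* intermediate (real) parent */
        if ((child = fork()) == 0) {         /* tracee */
            v[0] = getpid(); v[1] = getppid();
            if (write(up[1], v, sizeof v) < 0) _exit(1);
            if (read(go[0], &st, 1) < 0) _exit(1);   /* wait for the tracer */
            v[1] = getppid();                /* asked again while traced */
            if (write(up[1], &v[1], sizeof v[1]) < 0) _exit(1);
            _exit(0);
        }
        waitpid(child, &st, 0);
        _exit(0);
    }
    close(up[1]);
    if (read(up[0], v, sizeof v) != (ssize_t)sizeof v ||
        ptrace(PT_ATTACH, v[0], (char *)0, 0) == -1)
        rc = -1;                             /* e.g. ptrace restricted by policy */
    *before = v[1];
    if (rc == 0) {
        waitpid(v[0], &st, 0);               /* tracee stops on attach */
        ptrace(PT_CONTINUE, v[0], (char *)1, 0);   /* resume it, still traced */
    }
    if (write(go[1], "g", 1) < 0 ||
        read(up[0], during, sizeof *during) != (ssize_t)sizeof *during)
        rc = -1;
    waitpid(v[0], &st, 0);                   /* reaps the tracee if we trace it */
    waitpid(parent, &st, 0);
    close(up[0]); close(go[0]); close(go[1]);
    return rc;
}

int main(void)
{
    pid_t b = 0, d = 0;
    int rc = ppid_under_trace(&b, &d);
    printf("tracer=%d rc=%d getppid before=%d during=%d\n", (int)getpid(), rc, (int)b, (int)d);
    return 0;
}
```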