RFC: path display and path filtering features.

Dmitry V. Levin ldv at altlinux.org
Fri Feb 18 22:16:20 UTC 2011 

On Fri, Feb 18, 2011 at 04:20:24PM +0000, Grant Edwards wrote:
[...]
>   if (s->sys_func == printargs ||
>       s->sys_func == sys_pipe  ||
>       s->sys_func == sys_pipe2  ||
>       s->sys_func == sys_eventfd2  ||
>       s->sys_func == sys_eventfd  ||
>       s->sys_func == sys_inotify_init1  ||
>       s->sys_func == sys_timerfd_create ||
>       s->sys_func == sys_timerfd_settime ||
>       s->sys_func == sys_timerfd_gettime)
>     {
>       // these have TRACE_FILE or TRACE_DESCRIPTOR set, but they don't
>       // have any file descriptor or path args to test
>       return 0;
>     }
> 
>   if (s->sys_func == sys_poll ||
>       s->sys_func == sys_ppoll  ||
>       s->sys_func == sys_select ||
>       s->sys_func == sys_oldselect  ||
>       s->sys_func == sys_pselect6)
>     {
>       // these have arguments that refer indirectly to file
>       // descriptors, and we need to add code to handle them.
>       return 0;
>     }
>     
> I'm going to work on checking the fd's referred in the args to the
> poll/select calls.

OK

> Are there other calls in that list that have
> path/fd arguments that should be tested?  

printargs is used to handle a few syscalls that have no individual
parsers yet.  Some of them have path/fd arguments that should be tested,
e.g. splice, sync_file_range, vmsplice.

> > The pathname passed to open(2) is a symlink, and /proc/<pid>/fd/<fd>
> > points to the canonicalized pathname, so -P /lib64/libc-2.11.3.so
> > won't catch this open(2) call now.
> 
> I can think of a couple options:
> 
>  1) Store both the canonical and "as-provided" versions of paths
>     passed to -P.

Agreed, it could be useful for absolute paths passed to -P.

>  2) Canonicalize the pathname passed to -P, and also canonicalize
>     path arguments when checking for a match. 

No, canonicalizing path arguments is unreliable, first of all because
of relative pathnames.


-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20110219/c8178cad/attachment.bin>

More information about the Strace-devel mailing list