How to detach if a process is setuid or setgid?

Aleatha Parker-Wood aleatha at soe.ucsc.edu
Thu Jul 19 22:31:51 UTC 2012


I'm working with a modified version of strace to collect some information on
the long term behaviors of process trees and file system accesses.  I've got
it logging data on a couple of different systems, some of which I do not
have root access to.  Each of the users of the system spawns an strace
process which then traces all of their shell activity.

However, since this is a long term tracing project, users will need to run
setuid or setgid executables from time to time.  Rather than dropping those
bits silently (since strace is running as non-root), and breaking
functionality, I'd like to detect that the child process is doing setuid,
and detach from it, logging a message that there was an untraced child
process.

Can you point me at the area of the code where the setuid bits on child
processes are handled?  I'm assuming it's somewhere around startup_child(),
but I'm not spotting it.
--apw






More information about the Strace-devel mailing list