In Linux systems that feature capabilities-based security, the ability to ptrace is further limited by the CAP_SYS_PTRACE capability or by the YAMA Linux Security Module. Īs the ability to inspect and alter another process is very powerful, ptrace can attach only to processes that the owner can send signals to (typically only their own processes) the superuser account can ptrace almost any process (except init on kernels before 2.6.26).
Iptrace org install#
The ability to write into the target's memory allows not only its data store to be changed, but also the application's own code segment, allowing the controller to install breakpoints and patch the running code of the target. It can single-step through the target's code, can observe and intercept system calls and their results, and can manipulate the target's signal handlers and both receive and send signals on its behalf. This includes manipulation of its file descriptors, memory, and registers. It can further be used as a sandbox and as a run-time environment simulator (like emulating root access for non-root software ).īy attaching to another process using the ptrace call, a tool has extensive control over the operation of its target. ptrace is also used by specialized programs to patch running programs, to avoid unfixed bugs or to overcome security features. Ptrace is used by debuggers (such as gdb and dbx), by tracing tools like strace and ltrace, and by code coverage tools.
0 kommentar(er)
