?????> The same happened to me. The problem is that strace accesses
?????> the tracee's memory through /proc/<pid>/mem but as of 1.3.96
?????> any read from processes different from the one which owns the
?????> memory fails with EACCES.
Aaron> This looks like an overly-conservative patch for the
Aaron> /proc/<pid>/mem security hole involving setuid programs. The
Aaron> kernel should really return EACCES only if the process we are
Aaron> trying to read is setuid.
Kevin> From what I caught of the discussion, you can start watching
Kevin> the process's memory, then have the process 'exec' something
Kevin> suid root, and read straight through the suid root memory.
Seems to me that the answer, then, is to have /proc/<pid>/mem mode 600
and owned by the euid of the process, rather than owned by the uid
that ran it. Linus?
-JimC
-- James H. Cloos, Jr. <URL:http://www.jhcloos.com/~cloos/> cloos@jhcloos.com Work: cloos@io.com LPF,Usenix,SAGE,ISOC,ACLU
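
An added example, not part of the original message: a small Python audit of the rule proposed above, that /proc/<pid>/mem be mode 600 and owned by the process's effective uid rather than its real uid. The function names and the constructed directory tree standing in for /proc are assumptions of this example.

```python
import os
import stat
from pathlib import Path


def read_uids(status_text):
    """Return (real, effective) uid from the 'Uid:' line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            # Field order in status: real, effective, saved, filesystem.
            real, effective = line.split()[1:3]
            return int(real), int(effective)
    raise ValueError("no Uid: line in status")


def audit_mem_node(pid, proc_root="/proc"):
    """Check <proc_root>/<pid>/mem against the proposal: mode 600, owner == euid."""
    base = Path(proc_root) / str(pid)
    ruid, euid = read_uids((base / "status").read_text())
    st = os.stat(base / "mem")
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & 0o077:
        findings.append(f"mem is mode {mode:o}: group/other bits set")
    if st.st_uid != euid:
        findings.append(f"mem owned by uid {st.st_uid}, process euid is {euid}")
    return {"pid": pid, "ruid": ruid, "euid": euid,
            "owner": st.st_uid, "mode": mode, "findings": findings}


def build_sample(root, pid, ruid, euid, mode):
    """Constructed sample tree standing in for /proc, so the check runs anywhere."""
    base = Path(root) / str(pid)
    base.mkdir(parents=True)
    (base / "status").write_text(
        f"Name:\tsample\nUid:\t{ruid}\t{euid}\t{euid}\t{euid}\n")
    (base / "mem").write_bytes(b"")
    os.chmod(base / "mem", mode)


if __name__ == "__main__":
    import tempfile
    me = os.geteuid()
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, 100, me, me, 0o600)      # matches the proposal
        build_sample(tmp, 101, me, me + 1, 0o644)  # wrong owner, loose mode
        for pid in (100, 101):
            print(audit_mem_node(pid, tmp))
```

On a live system, calling `audit_mem_node(pid)` with the default `proc_root` runs the same check against the real /proc entries.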