Andrew Morgan wrote:
>
> Peeter,
>
> I've attached a wrapper program that should allow this and only this.
> Without filesystem capabilities (2.3 stuff), you'll have to make do with
> some sort of wrapper. You'll need to make this wrapper setuid root.
Don't you just hate it when that happens.. Here's the attachment.
Cheers
Andrew
--------------A7C9733C4F1D4B054D99A1BC
Content-Type: text/plain; charset=us-ascii; name="strace_all.c"
Content-Disposition: inline; filename="strace_all.c"
Content-Transfer-Encoding: 7bit
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* make this program setuid root */
void main(int argc, char **argv)
{
int i;
char ** new_args = calloc(argc+4, sizeof(char **));
if (new_args == NULL) {
fprintf(stderr, "no memory\n");
exit(1);
}
setuid(geteuid());
new_args[0] = "/sbin/execcap";
new_args[1] = "execcap";
new_args[2] = "cap_sys_ptrace=i";
new_args[3] = "/usr/bin/strace";
for (i=0; ++i<argc; ) {
new_args[3+i] = argv[i];
}
execvp(new_args[0], new_args+1);
fprintf(stderr, "Unable to execute command: %s\n", strerror(errno));
for (i=0; new_args[i]; ++i) {
printf(" %s", new_args[i]);
}
printf("\n");
exit(1);
}
--------------A7C9733C4F1D4B054D99A1BC--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/