Reputation: 5850
What kind of privilege do we need to trace a process in linux
It seems that we can trace other processes with trace functions? Operating system is obliged to provide such an interface. Obviously we can obtain others data such as hidden password when they call a system call, it's a risk. Is there a mechanism to prevent the process from being traced?
Upvotes: 2
Views: 119
Answers (2)
Reputation: 4853
You need the CAP_SYS_PTRACE capability under Linux. If you don't have it, you can only trace processes that you can send signals to, except those running set-user-ID/set-group-ID. A process can also explicitely refuse to be ptraced, using prctl() and setting the PR_SET_DUMPABLE flag.
See man ptrace(2) for more informations.
Upvotes: 2
Reputation: 800
You can always hash the password because issuing the system call, I think. And I think you require a given amount of privilege to hook the login manager's API calls, so there shouldn't be any problems.
Upvotes: 0
Related Questions
- How to find out what Linux capabilities a process requires to work?
- How to trace a process for system calls?
- trace_pipe what are they/ is it file or some kind of channel that I can open and read and write to it | And what are Linux trace
- How do I trace a system call in Linux?
- Grant capabilities to a running process
- Writing memory of the traced process.
- ptrace PTRACE_ATTACH failure - Linux permissions of user owned process
- process Tracing tools in linux
- How to find who is tracing my process?
- debug Linux process with suid