strace output question

Question

I run a program on both CentOS and Debian. The output is exactly the same but in Centos I get the 3 lines in bold while in Debian I do not. What are those 3 lines about and how can I get them in Debian too ?

execve("./z1", ["./z1"], [/* 31 vars */]) = 0
brk(0)                                  = 0x8458000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f41000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/home/myuser/public_html/libs/libmudflap.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0PJ\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=105432, ...}) = 0
mmap2(NULL, 943136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xd89000
mmap2(0xda2000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19) = 0xda2000
mmap2(0xda3000, 836640, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xda3000
close(3)                                = 0
open("/home/myuser/public_html/libs/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320m\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1327556, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f40000
mmap2(NULL, 1337704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x891000
mprotect(0x9d1000, 4096, PROT_NONE)     = 0
mmap2(0x9d2000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x140) = 0x9d2000
mmap2(0x9d5000, 10600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x9d5000
close(3)                                = 0
open("/home/myuser/public_html/libs/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9736, ...}) = 0
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x74e000
mmap2(0x750000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x750000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3f000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f3f6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\f\233\37", 3)                 = 3
close(3)                                = 0
mprotect(0x750000, 4096, PROT_READ)     = 0

Answer 1

I don't think it has anything to do with strace. I am not for sure, but it probably has something to do with how things are arranged in memory. I know some systems place parts of the binary at random places in memory to protect against malicous activities. This is called Address Space Layout Randomization (ASLR). I'm guessing then that CentOS is using this and that Debian is not. See this post about disabling ASLR in CentOS. Try that and see if strace still shows /dev/urandom being opened.

So the point is that it may be your system, not strace or the program that is causing the discrepancy.

-- Edit --

So I may be wrong above. I have done a ton of research into this question, and have managed to narrow it down. What I found is that it is most likely a library making these calls. The method I used was a bit involved, but doable. See this post on how it's done if you are still curious.

I did this debugging using eye of gnome (eog), because the simple test program I wrote did not trigger the reads of urandom. It turns out that Gkt+ was the culprit in my case, it uses random numbers to create unique id's for some objects. I am curious to know what you program is using that makes these calls. At this point I doubt it is ASLR.