I have the following code. It just calls ptrace(PTRACE_TRACEME) and then goes into an infinite loop.
I have two questions.
1. After executing this binary, I can't attach gdb even if I am root.
2. With ptrace(PTRACE_TRACEME), I can't terminate the process with Ctrl-C (SIGINT). It simply stops.
Can someone explain the reasons to me?
Thanks in advance.
PS. I know that most debuggers fork a child and call ptrace(PTRACE_TRACEME) before execve(). No need to remind me of this.

    #include <sys/ptrace.h>
    #include <sys/reg.h>
    #include <sys/wait.h>
    #include <sys/types.h>
    #include <unistd.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <errno.h>
    #include <string.h>

    int main(int argc, char **argv) {
        printf("my pid : %d\n", getpid());
        /* Ask to be traced by the parent process (here, the shell). */
        ptrace(PTRACE_TRACEME);
        while (1) {
            printf("euid : %d\n", geteuid());
            sleep(2);
        }
        return 0;
    }

After executing this binary, I can’t attach gdb even if I am root.
From man ptrace:
ERRORS
    EPERM  The specified process cannot be traced. This could be
           because the parent has insufficient privileges (the required
           capability is CAP_SYS_PTRACE); non-root processes cannot trace
           processes that they cannot send signals to or those running
           set-user-ID/set-group-ID programs, for obvious reasons.
           Alternatively, the process may already be being traced, or be
           init(8) (PID 1).
With ptrace(PTRACE_TRACEME), I can’t terminate the process with Ctrl-C (SIGINT). It simply stops.
From man ptrace:
DESCRIPTION
    While being traced, the child will stop each time a signal is
    delivered, even if the signal is being ignored. (The exception is
    SIGKILL, which has its usual effect.) The parent will be notified at
    its next wait(2) and may inspect and modify the child process while
    it is stopped. The parent then causes the child to continue,
    optionally ignoring the delivered signal (or even delivering a
    different signal instead).
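
Both man page excerpts can be observed from the tracer's side. The following is an added example, not part of the original post: a parent forks a child that calls PTRACE_TRACEME and raises SIGINT on itself (standing in for Ctrl-C), then records what it sees. The names `trace_demo` and `run_trace_demo` are made up for the illustration; Linux with glibc is assumed.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Observations made by the parent, which is the tracer after PTRACE_TRACEME. */
struct trace_demo {
    int stop_signal;   /* signal reported by waitpid() when the tracee stopped */
    int attach_errno;  /* errno from a further PTRACE_ATTACH on the tracee */
    int exit_signal;   /* signal that terminated the tracee once injected */
};

int run_trace_demo(struct trace_demo *out)
{
    int status;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        signal(SIGINT, SIG_DFL);            /* do not inherit an ignored SIGINT */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(1);
        raise(SIGINT);                      /* stands in for Ctrl-C */
        _exit(2);                           /* only reached if SIGINT is suppressed */
    }
    /* The tracee does not die on SIGINT; it stops and the tracer is notified. */
    if (waitpid(child, &status, 0) != child || !WIFSTOPPED(status))
        return -1;
    out->stop_signal = WSTOPSIG(status);
    /* Already traced, so another attach gets EPERM (issued here to stay in one program). */
    errno = 0;
    out->attach_errno = ptrace(PTRACE_ATTACH, child, NULL, NULL) == -1 ? errno : 0;
    /* Resume the tracee and let the pending SIGINT through: now it terminates. */
    if (ptrace(PTRACE_CONT, child, NULL, (void *)(long)SIGINT) == -1)
        return -1;
    if (waitpid(child, &status, 0) != child)
        return -1;
    out->exit_signal = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
    return 0;
}

int main(void)
{
    struct trace_demo d;
    if (run_trace_demo(&d) != 0) return 1;
    printf("stopped by %d, attach errno %d, killed by %d\n", d.stop_signal, d.attach_errno, d.exit_signal);
    return 0;
}
```

In the question's program the tracer is the shell, which never issues PTRACE_CONT, so the process stays stopped after Ctrl-C.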