StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhy does strace following a different execution flow?
primarykey
Id
10546782
data
AcceptedAnswerId
10547022
AnswerCount
1
ClosedDate
CommentCount
6
CommunityOwnedDate
CreationDate
2012-05-11T06:53:06
FavoriteCount
0
LastActivityDate
2017-08-10T06:11:22.663
LastEditDate
2017-08-10T06:11:22.663
LastEditorUserId
285759
OwnerUserId
1160263
ParentId
0
PostTypeId
1
Score
0
ViewCount
458
LastEditorDisplayName
text
Body
I am referring the following <a href="http://www.cgsecurity.org/Articles/SecProg/Art5/index.html" rel="nofollow noreferrer">article</a> learning symbolic link attacks: <pre><code>struct stat st; FILE * fp; if (argc != 3) { fprintf (stderr, "usage : %s file message\n", argv [0]); exit(EXIT_FAILURE); } if (stat (argv [1], & st) < 0) { fprintf (stderr, "can't find %s\n", argv [1]); exit(EXIT_FAILURE); } if (st . st_uid != getuid ()) { fprintf (stderr, "not the owner of %s \n", argv [1]); exit(EXIT_FAILURE); } if (! S_ISREG (st . st_mode)) { fprintf (stderr, "%s is not a normal file\n", argv[1]); exit(EXIT_FAILURE); } sleep (25); if ((fp = fopen (argv [1], "w")) == NULL) { fprintf (stderr, "Can't open\n"); exit(EXIT_FAILURE); } fprintf (fp, "%s\n", argv [2]); fclose (fp); fprintf (stderr, "Write Ok\n"); exit(EXIT_SUCCESS); </code></pre> Now when the program sleeps I <code>rm</code> the arg[1] (using another terminal ) which is the file name and then create a symbolic link for the same file. When I executed as its said in the article I am writing to the file the link is pointing into. Then I used strace passed the same arguments its giving me "cant open" which means that I dont have access to the file passed as arg[1]. But this is not the case when I executed normally how is strace detecting this ? Any help is very valuable. I am writing my own application using ptrace to detect such attacks. I tried using inode numbers to detect this but my application is still referring to the inode number of the file which I am passing. 
Tags
<c><system-calls><ptrace><strace>
Title
Why does strace following a different execution flow?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USJeremy Kerr
UserOwnerUserId
1. USbi0s.kidd0
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.