FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 08-20-2010, 06:41 PM
Vimal
 
Default Strace and lsof do not work

Hi,

Why am I unable to strace / lsof into certain processes, even as "root"
user? I am unable to find a concrete answer for this. Please assist.


========
root 14940 0.0 0.1 10380 2552 ? SN 13:02 0:00 \_
/usr/sbin/exim -q


root@dedicated100 [~]# lsof -p 14940
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
exim 14940 root cwd unknown /proc/14940/cwd
(readlink: Permission denied)
exim 14940 root rtd unknown /proc/14940/root
(readlink: Permission denied)
exim 14940 root txt unknown /proc/14940/exe
(readlink: Permission denied)
exim 14940 root 0 unknown /proc/14940/fd/0
(readlink: Permission denied)
exim 14940 root 1 unknown /proc/14940/fd/1
(readlink: Permission denied)
exim 14940 root 2 unknown /proc/14940/fd/2
(readlink: Permission denied)
exim 14940 root 3 unknown /proc/14940/fd/3
(readlink: Permission denied)
exim 14940 root 4 unknown /proc/14940/fd/4
(readlink: Permission denied)


root@dedicated100 [~]# strace -p 14940
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
========

--
Regards,
Vimal Kumar K

| vimalZworld.com * technomenace.com * twitter.com/vimal7370 |
| E: vimal7370 at gmail dot com P: +919947450760 |


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-22-2010, 12:40 AM
"Geofrey Rainey"
 
Default Strace and lsof do not work

Perhaps it's selinux?

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com] On Behalf Of Vimal
Sent: Saturday, 21 August 2010 6:42 a.m.
To: redhat-list@redhat.com
Subject: Strace and lsof do not work

Hi,

Why am I unable to strace / lsof into certain processes, even as "root"
user? I am unable to find a concrete answer for this. Please assist.

========
root 14940 0.0 0.1 10380 2552 ? SN 13:02 0:00 \_
/usr/sbin/exim -q

root@dedicated100 [~]# lsof -p 14940
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
exim 14940 root cwd unknown /proc/14940/cwd
(readlink: Permission denied)
exim 14940 root rtd unknown /proc/14940/root
(readlink: Permission denied)
exim 14940 root txt unknown /proc/14940/exe
(readlink: Permission denied)
exim 14940 root 0 unknown /proc/14940/fd/0
(readlink: Permission denied)
exim 14940 root 1 unknown /proc/14940/fd/1
(readlink: Permission denied)
exim 14940 root 2 unknown /proc/14940/fd/2
(readlink: Permission denied)
exim 14940 root 3 unknown /proc/14940/fd/3
(readlink: Permission denied)
exim 14940 root 4 unknown /proc/14940/fd/4
(readlink: Permission denied)

root@dedicated100 [~]# strace -p 14940
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
========

--
Regards,
Vimal Kumar K

| vimalZworld.com * technomenace.com * twitter.com/vimal7370 |
| E: vimal7370 at gmail dot com P: +919947450760 |


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
================================================== ========
For more information on the Television New Zealand Group, visit us
online at tvnz.co.nz
================================================== ========
CAUTION: This e-mail and any attachment(s) contain information that
is intended to be read only by the named recipient(s). This information
is not to be used or stored by any other person and/or organisation.


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-22-2010, 01:10 AM
Dustin Larmeir
 
Default Strace and lsof do not work

Maybe a rootkit?

On Sat, Aug 21, 2010 at 7:40 PM, Geofrey Rainey
<Geofrey.Rainey@tvnz.co.nz>wrote:

> Perhaps it's selinux?
>
> -----Original Message-----
> From: redhat-list-bounces@redhat.com
> [mailto:redhat-list-bounces@redhat.com] On Behalf Of Vimal
> Sent: Saturday, 21 August 2010 6:42 a.m.
> To: redhat-list@redhat.com
> Subject: Strace and lsof do not work
>
> Hi,
>
> Why am I unable to strace / lsof into certain processes, even as "root"
> user? I am unable to find a concrete answer for this. Please assist.
>
> ========
> root 14940 0.0 0.1 10380 2552 ? SN 13:02 0:00 \_
> /usr/sbin/exim -q
>
> root@dedicated100 [~]# lsof -p 14940
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> exim 14940 root cwd unknown /proc/14940/cwd
> (readlink: Permission denied)
> exim 14940 root rtd unknown /proc/14940/root
> (readlink: Permission denied)
> exim 14940 root txt unknown /proc/14940/exe
> (readlink: Permission denied)
> exim 14940 root 0 unknown /proc/14940/fd/0
> (readlink: Permission denied)
> exim 14940 root 1 unknown /proc/14940/fd/1
> (readlink: Permission denied)
> exim 14940 root 2 unknown /proc/14940/fd/2
> (readlink: Permission denied)
> exim 14940 root 3 unknown /proc/14940/fd/3
> (readlink: Permission denied)
> exim 14940 root 4 unknown /proc/14940/fd/4
> (readlink: Permission denied)
>
> root@dedicated100 [~]# strace -p 14940
> attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
> ========
>
> --
> Regards,
> Vimal Kumar K
>
> | vimalZworld.com * technomenace.com * twitter.com/vimal7370 |
> | E: vimal7370 at gmail dot com P: +919947450760 |
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> ================================================== ========
> For more information on the Television New Zealand Group, visit us
> online at tvnz.co.nz
> ================================================== ========
> CAUTION: This e-mail and any attachment(s) contain information that
> is intended to be read only by the named recipient(s). This information
> is not to be used or stored by any other person and/or organisation.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-22-2010, 11:41 AM
Vimal
 
Default Strace and lsof do not work

On 08/22/2010 06:40 AM, Dustin Larmeir wrote:

Maybe a rootkit?


It is not a rootkit, and SELinux is disabled..

I am unsure of how to debug this but something is preventing root to
"lsof" or "strace" for processes owned by other users. Checking in
detail, I can use strace/lsof as "root" to see details of a process
owned by root, but fails to do so for processes running as any other user.


Is there any kernel (proc or sysctl) parameter preventing this?

--
Regards,
Vimal Kumar K

| vimalZworld.com * technomenace.com * twitter.com/vimal7370 |
| E: vimal7370 at gmail dot com P: +919947450760 |


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 11:45 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org