26 Jul
2011
26 Jul
'11
1:05 p.m.
On 07/26/2011 01:59 PM, Tom Horsley wrote:
tomh> strace -o working.trace rsh tomh date rcmd: socket: Permission denied
It's presumably being having its capabilities dropped because you are ptracing an executable with the cap_net_bind_service capability as an unprivileged user (if it wasn't it would be a security hole as a regular user could use a debugger to bind arbitrary privileged ports).
Older releases had the same behaviour when ptracing SUID binaries - this is the same reason you cannot strace the ping command (requires a raw socket so is either SUID or cap_net_raw).
Regards, Bryn.