binding socket fails when run under ptrace?

Bryn M. Reeves bmr at redhat.com
Tue Jul 26 13:05:59 UTC 2011


On 07/26/2011 01:59 PM, Tom Horsley wrote:
> tomh> strace -o working.trace rsh tomh date
> rcmd: socket: Permission denied

It's presumably having its capabilities dropped because you are ptracing
an executable with the cap_net_bind_service capability as an unprivileged user
(if it wasn't it would be a security hole as a regular user could use a debugger
to bind arbitrary privileged ports).

Older releases had the same behaviour when ptracing SUID binaries - this is the
same reason you cannot strace the ping command (requires a raw socket so is
either SUID or cap_net_raw).

Regards,
Bryn.
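
A small diagnostic for the behaviour described in the reply above, added here as an example and not part of the original post: it reads TracerPid and CapEff from /proc/<pid>/status and reports whether cap_net_bind_service or cap_net_raw is in the effective set. The helper names and the two sample status texts are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as defined in linux/capability.h */
#define CAP_BIT_NET_BIND_SERVICE 10
#define CAP_BIT_NET_RAW          13

struct proc_caps {
    long tracer_pid;             /* 0 means no tracer attached */
    unsigned long long cap_eff;  /* effective capability bitmask */
};

/* Return a pointer just past "key" if a line of text starts with it. */
static const char *field(const char *text, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = text; p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, klen) == 0) return p + klen;
    return NULL;
}

/* Parse TracerPid and CapEff; returns 0 on success, -1 if a field is missing. */
int parse_status(const char *text, struct proc_caps *out)
{
    const char *t = field(text, "TracerPid:"), *c = field(text, "CapEff:");
    if (!t || !c) return -1;
    out->tracer_pid = strtol(t, NULL, 10);   /* decimal pid */
    out->cap_eff = strtoull(c, NULL, 16);    /* hex bitmask */
    return 0;
}

int has_cap(const struct proc_caps *pc, int bit) { return (int)((pc->cap_eff >> bit) & 1ULL); }

/* Constructed samples mirroring the reply: capability present untraced, gone when traced. */
const char SAMPLE_UNTRACED[] = "Name:\trsh\nTracerPid:\t0\nCapEff:\t0000000000000400\n";
const char SAMPLE_TRACED[]   = "Name:\trsh\nTracerPid:\t4242\nCapEff:\t0000000000000000\n";

int main(int argc, char **argv)
{
    char path[64], buf[8192];
    struct proc_caps pc;
    snprintf(path, sizeof path, "/proc/%s/status", argc > 1 ? argv[1] : "self");
    FILE *f = fopen(path, "r");
    if (!f) { perror(path); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    if (parse_status(buf, &pc) != 0) { fprintf(stderr, "%s: fields missing\n", path); return 1; }
    printf("%s: TracerPid=%ld CapEff=%016llx net_bind_service=%d net_raw=%d\n", path, pc.tracer_pid,
           pc.cap_eff, has_cap(&pc, CAP_BIT_NET_BIND_SERVICE), has_cap(&pc, CAP_BIT_NET_RAW));
    return 0;
}
```

Run it with a pid argument against the process in question, once with and once without strace attached, and compare the two lines of output.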

