Solved Unable to use truss as non-root user on 12.1

I get this on a Raspberry Pi 2 or x86_64.

Code:
nobody@offspot:~ % truss /bin/echo

truss: Unable to enable LWP events for pid 12746: No such process
nobody@offspot:~ % truss /bin/echo

truss: Unable to enable LWP events for pid 13128: No such process

Any ideas? root is fine on both.
 
I have the default set from install time enabled: the ones that come up after installation is done.

Code:
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.see_jail_proc=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=1

None of those look like they'd have anything to do with truss, but maybe.
 
None of those look like they'd have anything to do with truss, but maybe.
truss(1):
Code:
DESCRIPTION
     The truss utility traces the system calls called by the specified process
     or program.  Output is to the specified output file, or standard error by
     default.  It does this by stopping and restarting the process being
     monitored via ptrace(2).
ptrace(2):
Code:
DESCRIPTION
     The ptrace() system call provides tracing and debugging facilities.  It
     allows one process (the tracing process) to control another (the traced
     process).  The tracing process must first attach to the traced process,
     and then issue a series of ptrace() system calls to control the execution
     of the process, as well as access process memory and register state.

Code:
% sysctl -d security.bsd.unprivileged_proc_debug
security.bsd.unprivileged_proc_debug: Unprivileged processes may use process debugging facilities
 
Ah, I was going to say the same thing. About
Code:
security.bsd.unprivileged_proc_debug=0
anyway. I ran a quick test and came up with the same one as the culprit.

Do you know if there's any security drawback to leaving it as
Code:
security.bsd.unprivileged_proc_debug=1
?

Thank you for your help!
 
Do you know if there's any security drawback to leaving it as
The security drawback is that any user is able to run debug commands. While you can't use it to debug processes not owned by you, it can still provide a lot of inside information. For your home/hobby machine this probably doesn't matter much, but for production systems you'll want to turn that off (nobody is going to debug an active production system anyway).
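
One way to keep the knob at 0 and still allow an occasional unprivileged truss run, as an added example that is not part of the thread: a root-run sh wrapper that sets security.bsd.unprivileged_proc_debug to 1 only while one command runs, then restores the previous value. The function names and the SYSCTL override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root on FreeBSD.
# SYSCTL can be pointed at a stand-in command for testing (assumption of this example).
SYSCTL=${SYSCTL:-sysctl}
KNOB=security.bsd.unprivileged_proc_debug

# Print the knob's current value: 0 = unprivileged ptrace(2) denied, 1 = allowed.
proc_debug_get() {
    "$SYSCTL" -n "$KNOB"
}

# with_proc_debug CMD [ARGS...]
# Set the knob to 1 only for the lifetime of CMD, then restore the old value.
# The setting is system-wide, so every user can debug their own processes
# during that window; keep CMD short.
with_proc_debug() {
    _pd_old=$(proc_debug_get) || return 1
    if [ "$_pd_old" = 1 ]; then
        "$@"                      # already enabled: nothing to change or restore
        return $?
    fi
    # Restore on Ctrl-C / kill as well as on normal return.
    trap '"$SYSCTL" "$KNOB=$_pd_old" >/dev/null; exit 130' INT TERM
    "$SYSCTL" "$KNOB=1" >/dev/null || { trap - INT TERM; return 1; }
    "$@"
    _pd_rc=$?
    "$SYSCTL" "$KNOB=$_pd_old" >/dev/null
    trap - INT TERM
    return "$_pd_rc"
}

# Usage (as root), tracing as the unprivileged user from the thread:
#   with_proc_debug su -m nobody -c 'truss /bin/echo'
```

The wrapper returns the traced command's exit status, so a failing truss run is still visible to the caller after the knob has been put back.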
 