如何获得dtrace来以非root用户权限运行traced命令? [英] How can I get dtrace to run the traced command with non-root priviledges?
问题描述
OS X缺少linux的strace,但是它具有dtrace,这应该好得多.
OS X lacks linux's strace, but it has dtrace which is supposed to be so much better.
但是,我错过了对单个命令进行简单跟踪的功能.例如,在linux上,我可以编写strace -f gcc hello.c来进行所有系统调用caputre,这给了我 all 列表,这些列表是编译器编译程序所需的文件名(出色的
However, I miss the ability to do simple tracing on individual commands. For example, on linux I can write strace -f gcc hello.c to caputre all system calls, which gives me the list of all the filenames needed by the compiler to compile my program (the excellent memoize script is built upon this trick)
我想在Mac上移植备忘录,所以我需要某种strace.我真正需要的是gcc读取和写入的文件列表,所以我需要的更多是truss.我可以肯定地说出dtruss -f gcc hello.c并获得一些相同的功能,但是随后编译器以root特权运行,这显然是不希望的(除了巨大的安全风险之外,一个问题是a.out文件现在归所有者所有)根:-)
I want to port memoize on the mac, so I need some kind of strace. What I actually need is the list of files gcc reads and writes into, so what I need is more of a truss. Sure enough can I say dtruss -f gcc hello.c and get somewhat the same functionality, but then the compiler is run with root priviledges, which is obviously undesirable (apart from the massive security risk, one issue is that the a.out file is now owned by root :-)
然后我尝试了dtruss -f sudo -u myusername gcc hello.c,但这感觉有点不对劲,而且还是无法正常工作(我一直没有得到a.out文件,不确定原因)
I then tried dtruss -f sudo -u myusername gcc hello.c, but this feels a bit wrong, and does not work anyway (I get no a.out file at all this time, not sure why)
漫长的故事试图激发我最初的问题:如何让dtrace以普通用户权限运行命令,就像strace在Linux中一样?
All that long story tries to motivate my original question: how do I get dtrace to run my command with normal user privileges, just like strace does in linux ?
is seems that I'm not the only one wondering how to do this: question #1204256 is pretty much the same as mine (and has the same suboptimal sudo answer :-)
推荐答案
不是您的问题的答案,而是一些要知道的东西. OpenSolaris使用特权"(部分)解决了此问题-请参见
Not an answer to your question but something to know. OpenSolaris solved this issue (partially) with "privileges" - see this page. Even in OpenSolaris, it wouldn't be possible to allow an user, without any extra privileges, to dtruss their own process. The reason is the way dtrace works - it enables probes in the kernel. So allowing a non-privileged user to probe kernel means the user can do lot of unwanted things e.g. sniffing other user's passwd by enabling probes in keyboard driver!
这篇关于如何获得dtrace来以非root用户权限运行traced命令?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
