File: setuid_monitor_example.txt

package info (click to toggle)
bpfcc 0.35.0%2Bds-2~exp1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 30,672 kB
  • sloc: ansic: 900,938; python: 41,379; cpp: 25,601; sh: 776; makefile: 281
file content (28 lines) | stat: -rw-r--r-- 829 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
Examples of setuid_monitor.py, the Linux eBPF/bcc version.


To demonstrate this, run following or other commands in which setuid are
involved:

# su
# sudo
# passwd

While setuid_monitor.py was tracing in another session:

# ./setuid_monitor.py
TIME(s)            COMM             PID    UID
7615.997           su               2989   0
7616.005           su               2990   0
7616.008           su               2991   0
7621.446           passwd           3008   0
7624.655           passwd           3009   0
7624.664           passwd           3010   0
7629.624           master           1262   0
7640.942           sudo             3012   0

The UID here is the target User ID that setuid trys to elevate the
executable's privilege to.

This program was written as a simplified demonstration of tracing a
tracepoint.