问题描述
OS X缺少linux的strace
,但是它具有dtrace
,这应该好得多.
OS X lacks linux's strace
, but it has dtrace
which is supposed to be so much better.
但是,我错过了对单个命令进行简单跟踪的功能.例如,在linux上,我可以编写strace -f gcc hello.c
来进行所有系统调用caputre,这给了我 all 列表,这些列表是编译器编译程序所需的文件名(出色的记忆脚本就是以此为基础的)
However, I miss the ability to do simple tracing on individual commands. For example, on linux I can write strace -f gcc hello.c
to caputre all system calls, which gives me the list of all the filenames needed by the compiler to compile my program (the excellent memoize script is built upon this trick)
我想在Mac上移植备忘录,所以我需要某种strace
.我真正需要的是gcc
读取和写入的文件列表,所以我需要的更多是truss
.我可以肯定地说出dtruss -f gcc hello.c
并获得一些相同的功能,但是随后编译器以root特权运行,这显然是不希望的(除了巨大的安全风险之外,一个问题是a.out
文件现在归所有者所有)根:-)
I want to port memoize on the mac, so I need some kind of strace
. What I actually need is the list of files gcc
reads and writes into, so what I need is more of a truss
. Sure enough can I say dtruss -f gcc hello.c
and get somewhat the same functionality, but then the compiler is run with root priviledges, which is obviously undesirable (apart from the massive security risk, one issue is that the a.out
file is now owned by root :-)
然后我尝试了dtruss -f sudo -u myusername gcc hello.c
,但这感觉有点不对劲,而且还是无法正常工作(我一直没有得到a.out
文件,不确定原因)
I then tried dtruss -f sudo -u myusername gcc hello.c
, but this feels a bit wrong, and does not work anyway (I get no a.out
file at all this time, not sure why)
漫长的故事试图激发我最初的问题:如何让dtrace
以普通用户权限运行命令,就像strace
在Linux中一样?
All that long story tries to motivate my original question: how do I get dtrace
to run my command with normal user privileges, just like strace
does in linux ?
似乎我不是唯一想知道如何执行此操作的人:问题与我的几乎相同(并且具有相同的次优sudo答案:-)
is seems that I'm not the only one wondering how to do this: question #1204256 is pretty much the same as mine (and has the same suboptimal sudo answer :-)
推荐答案
不是您的问题的答案,而是一些要知道的东西. OpenSolaris使用特权"(部分)解决了此问题-请参见此页面.即使在OpenSolaris中,也无法允许没有任何额外特权的用户使用自己的进程.原因是dtrace的工作方式-它启用了在内核中的探针.因此,允许非特权用户探查内核意味着该用户可以做很多不必要的事情,例如通过在键盘驱动程序中启用探针来嗅探其他用户的密码!
Not an answer to your question but something to know. OpenSolaris solved this issue (partially) with "privileges" - see this page. Even in OpenSolaris, it wouldn't be possible to allow an user, without any extra privileges, to dtruss their own process.The reason is the way dtrace works - it enables probes in the kernel. So allowing a non-privileged user to probe kernel means the user can do lot of unwanted things e.g. sniffing other user's passwd by enabling probes in keyboard driver!
这篇关于如何获得dtrace来以非root用户权限运行traced命令?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!