02-01-2005
It looks like ftp has the setuid bit turned on. Probably to be able to read files.
Depending on how your system is set up, you may have to copy the ftp image to another directory, log in as root, clear the setuid bit, then run truss.
That's my best guess from what I see here.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I'm a DBA so no abuse please! I've for 5 Oracle Forms processes that are spinning and am trying to find out if they're doing anything:
Running HPUX 11.11
CPU TTY PID USERNAME PRI NI SIZE RES STATE TIME %WCPU %CPU COMMAND
9 ? 2735 oracle 241 20 24228K 16668K run 2607:29 84.92... (2 Replies)
Discussion started by: fraze
2 Replies
2. IP Networking
I have tried to analyze the log of truss shown below. I haven't found anything clear for me indicating the problem. The process is the server that accepts client connections. To establish the connection it starts the child thread then it should transfer data. In reality it gets only connection.... (1 Reply)
Discussion started by: gogogo
1 Replies
3. Shell Programming and Scripting
Hi all,
while trying to debug and figure out why a lofiadm command was not working on my script, i came across a cmd called "truss"
all i know about it is that it executes the specified command and produces a trace of the system calls it performs, the signals it receives, and the machine faults... (5 Replies)
Discussion started by: wrapster
5 Replies
4. Shell Programming and Scripting
Hi
I have to get redirect the truss ouput to file.
I am doing truss -p 12121 >> output.txt
But it still displays on the screen adn output.txt is empty
Can some help how to do this?
Thanks in advance
Ammu (1 Reply)
Discussion started by: ammu
1 Replies
5. Shell Programming and Scripting
i have to gather some info about a process and redirect it to a1.txt file. For this i m using truss command
truss -po a1.txt $PID_Detail
where $PID_Detail= 1482944 3362976
--------------------------------------------------------------------------
Below the script:
#!/bin/ksh
for i... (6 Replies)
Discussion started by: ali560045
6 Replies
6. AIX
Hello,
I'm using AIX 5.3.12.5 and trying to understand truss output.
I'm running a job with real time of 16 minutes but only 4 minutes of CPU time. I'm trying to understand what the process is doing.
I'm getting a lot of
kread,
kpread,
kwrite,
kpwrite...
localhost:~ x$ grep... (1 Reply)
Discussion started by: Kovacs
1 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I want to trace a background java program which runs in infinite loop. I have used truss command for this.
But the program terminated after some hours with below truss output:
Received signal #1, SIGHUP, in lwp_cond_wait()
/1: siginfo: SIG#0
Please let me know what... (0 Replies)
Discussion started by: Hara Prasad
0 Replies
8. UNIX for Advanced & Expert Users
Hi,
I want to trace a background java program which runs in infinite loop. I have used truss command for this.
But the program terminated after some hours with below truss output:
Received signal #1, SIGHUP, in lwp_cond_wait()
/1: siginfo: SIG#0
Please let me know what... (5 Replies)
Discussion started by: Hara Prasad
5 Replies
9. UNIX for Advanced & Expert Users
Hi,
I am trying to set ulimit for soft stack unlimited, but this is not taking effect, after tracing the ulimit -a unlimited command, the below output was generated, which i am unable to comprehend. Could any one help me with this?
prcbap1-r10prod: truss -d ulimit -s unlimited
Tue Dec 30... (2 Replies)
Discussion started by: NasirAbbasi
2 Replies
10. UNIX for Beginners Questions & Answers
I'm getting the following output from a truss operation of a PID from an application that will not start properly, something with the writing to an archive. Here is the output:
open("arch/chkpt.arch", O_RDWR) Err#13 EACCES
open("arch/chkpt.arch", O_RDWR|O_CREAT|O_TRUNC, 0666)... (6 Replies)
Discussion started by: chadpierce62
6 Replies
LEARN ABOUT LINUX
check-setuid
CHECKSECURITY(8) System Manager's Manual CHECKSECURITY(8)
NAME
checksecurity - check for changes to setuid programs
SYNOPSIS
checksecurity
DESCRIPTION
The checksecurity command scans the mounted files systems (subject to the filter defined in /etc/checksecurity.conf) and compares the list
of setuid programs to the list created on the previous run. Any changes are printed to standard output. Also, it generates a list of nfs
and afs filesystems that are mounted insecurely (i.e. they are missing the nodev and either the noexec or nosuid flags).
checksecurity is run by cron on a daily basis, and the output stored in /var/log/setuid/setuid.changes.
CONFIGURATION
The checksecurity.conf file defines several configuration variables: CHECKSECURITY_FILTER, CHECKSECURITY_NOFINDERRORS, CHECKSECURITY_NONF-
SAFS, CHECKSECURITY_EMAIL, CHECKSECURITY_DEVICEFILTER, CHECKSECURITY_PATHFILTER, and LOGDIR. Each is described below.
The CHECKSECURITY_FILTER environment variable which is the argument of 'grep -vE' applied to the output of the mount command. In other
words, the value of CHECKSECURITY_FILTER is a regular expression that removes matching lines from those file systems that will be scanned.
The default value removes all file systems of type proc, bind, msdos, iso9660, ncpfs, nfs, afs, smbfs, auto, ntfs, coda file systems, any-
thing mounted on /dev/fd*, anything mounted on /mnt or /amd, and anything mounted with option nosuid or noexec.
The checksecurity.conf file is sourced from checksecurity, so you could do some fairly tricky things to define CHECKSECURITY_FILTER.
The CHECKSECURITY_NOFINDERRORS environment variable, if set to the literal "TRUE", disables find errors from checksecurity (actually, it
re-routes them to /dev/null ).
The CHECKSECURITY_NONFSAFS environment variable, if set to the literal "TRUE", disables the message about nfs and afs file systems that are
mounted without the nodev and either the noexec or nosuid options.
If set, the CHECKSECURITY_EMAIL variable defines who is sent a copy of the setuid.changes file.
The CHECKSECURITY_DEVICEFILTER variable specifies a find clause for which matching block and character device files will not be monitored
for changing owners and permissions. For example, if you don't want to check for permission changes on tty device files beneath /dev, you
could set the following:
CHECKSECURITY_DEVICEFILTER='-path /dev/tty*'
Note that any added or modified suid programs under that path would still be detected. If you want to specify multiple expressions, sepa-
rate them with '-o', but there is no need to surround the whole clause with parentheses. To disable this filter, specify it as '-false'
(which is the default).
Note that if the system gets restarted often checksecurity will report a lot of changes in the /dev/ subdirectory due to timestamp changes.
In this case you might want to change it to:
CHECKSECURITY_DEVICEFILTER='-path /dev/'
The CHECKSECURITY_PATHFILTER variable specifies a find clause which will be pruned from the search path. This means that the entire sub-
tree will be completely skipped. Thus, specifying
CHECKSECURITY_PATHFILTER='-path /var/ftp'
then the entire /var/ftp tree will be skipped. To disable this filter, specify it as '-false' (which is the default).
LOGDIR sets the name of the directory which stores the files which track the permission and ownership changes. By default, they are in
/var/log/setuid.
FILES
/etc/checksecurity.conf
checksecurity configuration file
/var/log/setuid/setuid.today
setuid files from the most recent run
/var/log/setuid/setuid.yesterday
setuid files from the previous run
Debian Linux 2 February 1997 CHECKSECURITY(8)