所以标题说明了一切。
一个进程可能有两个跟踪器吗?
我正在使用ptrace,我可以看到只要有人附加到进程,那么在/ proc // status中的TracerPID下将是该跟踪器的PID。但是,是否可以有两个跟踪器?
我有两个程序(示踪剂和示踪剂)。然后我在调试模式下运行了tracee,然后运行了tracer,并得到了错误的操作不允许(即使具有root权限)。
关于, 戈洛比奇
答案 0 :(得分:1)
他们不能。在ptrace手册页中已间接确认:
EPERM The specified process cannot be traced. This could be because
the tracer has insufficient privileges (the required capability
is CAP_SYS_PTRACE); unprivileged processes cannot trace pro‐
cesses that they cannot send signals to or those running set-
user-ID/set-group-ID programs, for obvious reasons. Alterna‐
tively, the process may already be being traced, or (on kernels
before 2.6.26) be init(1) (PID 1).