similar to: DTrace as a security tool / http://systrace.org

2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun's Dtrace might be vulnerable." I don't think it is. Comments? Exploiting Concurrency Vulnerabilities in System Call Wrappers http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf Abstract
2009 May 29
4
can Dtrace be used for the error injection?
Hi, is it somehow possible to use Dtrace for error injection in a kernel module? Something like changing: - function return value - value of a register If not, can it be implemented? I can do that via kmdb, but I need Dtrace for the time synchronization - chill() action. I can not combine Dtrace & kmdb: dtrace: failed to initialize dtrace: DTrace cannot be used when kernel debugger
2003 Jul 25
3
systrace for FreeBSD 5.1
I'm porting the most recent version of Niels Provos' systrace to FreeBSD 5.1. I'm sending him the diffs to integrate into his distribution. I'd also like to submit them to someone with FreeBSD for consideration, and hopefully inclusion as a port or whatever you prefer. Who could I send them to, or what would you prefer me to do with regard to FreeBSD? Thanks, Rich Murphey
2008 Feb 26
11
Is there way to trace memory in the dtrace ?
N_conreq:entry { self->x=1; calledaddr=(struct xaddrf *)arg3; callingaddr=(struct xaddrf *)arg4; trace(calledaddr->link_id); tracemem(calledaddr->DTE_MAC.lsap_add, 80); trace(callingaddr->link_id); tracemem(callingaddr->DTE_MAC.lsap_add, 80); } 0 -> N_conreq 255
2005 Jul 28
3
speculative tracing on nevada builds ?
Hi, Has something related to speculative tracing changed between s10 FCS and the more recent nevada builds ? I was trying the specopen.d script from the Dtrace guide on a nevada machine and it failed with : dtrace: failed to enable './spec.d': DIF program content is invalid To try and narrow things down a bit I wrote the following short script. This works fine on s10, but
2006 Jun 03
1
man pages for each providers ?
Hey, Do you guys think that is a good idea to have a manual page for each provider with a complete description of what probes are offered ? Found some already under 7D category: dtrace dtrace (7d) - DTrace dynamic tracing facility fasttrap fasttrap (7d) - DTrace user instruction tracing provider fbt fbt (7d) - DTrace function boundary tracing provider
2005 Oct 31
11
Aggregation elements
Howdy, Is there a method to get the number of elements in an aggregation? Are the results stored in an aggregation guaranteed to be in any type of order? Thanks for any insight, - Ryan -- UNIX Administrator http://daemons.net/~matty
2005 Oct 11
7
dtrace: failed to initialize dtrace: DTrace device not available on system
I have a number of systems running Solaris 10 and I see the package and binary for dtrace installed; however, whenever we try to run anything we get this error: dtrace: failed to initialize dtrace: DTrace device not available on system. The only system on which I don't have this error is the development server that has the full Solaris 10 install while others are minimized. Do I need additional
2007 Feb 15
2
profile provider: is it me doing stupid things?
Just showing someone how great DTrace is and then we spot something I do not understand. Of course it can be a major misunderstanding of myself. Would appreciate another (expert) look upon this. The goal we try to achieve is trying to get insight if there is a bursty nature in the time slot when system calls are done. Following DTrace snippet is tried: dtrace -q -p 3173 -n
2006 Jun 03
8
dtrace causing sigtrap?
Just to let people know what my big picture is, I'm trying to write a script that will let me run a program, and name a progeny of that program that I want to debug. My script should find the first occurrence of that progeny, and run it until it finishes initializing the runtime linker, but stop it before it runs any shared library startup routines. (Failing that, I'd be okay
2017 Jun 14
4
LLD support for mach-o aliases (weak or otherwise)
> On Jun 14, 2017, at 2:47 PM, Michael Clark via llvm-dev <llvm-dev at lists.llvm.org> wrote: > >> >> On 15 Jun 2017, at 6:50 AM, Louis Gerbarg <lgerbarg at apple.com <mailto:lgerbarg at apple.com>> wrote: >> >>> >>> On Jun 6, 2017, at 4:08 PM, Michael Clark via llvm-dev <llvm-dev at lists.llvm.org <mailto:llvm-dev at
2006 Jul 10
5
Definition of "anchored" and "unanchored" probes
Referring to the DTrace manual: "Module If this probe corresponds to a specific program location, the name of the module in which the probe is located. This name is either the name of a kernel module or the name of a user library. Function If this probe corresponds to a specific program location, the name of the program function in which the probe is located." and then ...
2007 Nov 27
4
DTrace unconference?
All, With Jon Haslam's exciting news about the DTrace doc wiki (if you haven't seen it yet, make your way to http://wikis.sun.com/display/DTrace), and with some of the discussion with the Apple folks, I'm wondering if the time isn't right for something of a DTrace summit, perhaps as an unconference. The idea here would not be a DTrace user group (though that
2006 Jul 07
2
Probe ID changes
OK, I've been fritzing around with something I noticed last night, thinking that I understood what was going on, but now it's getting confusing again. A system that has been running for a couple of months had a hole in the probe ID list near the end in the middle of the fbt probes. And then a couple of syscall probes were stuck in the hole. It looked like this: ... 40311
2017 Jun 14
1
LLD support for mach-o aliases (weak or otherwise)
> On Jun 6, 2017, at 4:08 PM, Michael Clark via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > Hi Folks, > > I’m working on a port of musl libc to macos (arch triple is “x86_64-xnu-musl”) to solve some irreconcilable issues I’m having with libSystem.dylib. I don’t want to use glibc for various reasons, mainly because I want to static link. I have static PIE + ASLR working
2008 Jan 18
33
LatencyTop
I see Intel has released a new tool. Oh, it requires some patches to the kernel to record latency times. Good thing people don't mind patching their kernels, eh? So who can write the equivalent latencytop.d the fastest? ;-) http://www.latencytop.org/ -- cburgess at qnx.com
2006 Apr 21
8
listing available provider names
Is there a trick to listing available providers? I can't find it.
2005 Sep 15
10
Can I use printa() for printing multiple aggregations?
Hi Bryan, > Does that sit well with everyone? Seems fine to me. Just revisiting one of Dragan's points, though (sorry if I missed the answer) - is there a reason for making this global (via a #pragma) rather than, say, simply providing two functions which print in the different orders? e.g. printa() for sort by sample, printak() for sort by key. My reason for wanting to do both in
2005 Dec 22
9
truncating aggregation output only
Hello dtrace-discuss, Sometimes I want to run a script for some time and every n second output N top entries. trunc() isn't suitable here as it also removed keys/values. I want it 'coz over time if I use sum() entries which are normally truncated can actually get to top over a time. Maybe printa() extension, something like: printa(@b[10]) - to output top 10? --
2008 Jan 11
25
DTrace in Perl: What probes should we have?
As of patch 32953 dtrace support is in bleadperl (5.11.0). The probes are based on Alan Burlison's original blog post on the subject: http://blogs.sun.com/alanbur/date/20050909 By guarding the probes with PERL_SUB_*_ENABLED the performance hit is unmeasurable. All the necessary bits already existed in the wild. I just assembled them and made the necessary changes to