On Tue, Dec 17, 2002 at 11:36:58AM +0100, Matthias Hentges wrote:
> Am Die, 2002-12-17 um 04.02 schrieb Vikki Roemer:
> > On Tue, Dec 17, 2002 at 12:14:10AM +0100, Matthias Hentges wrote:
> > >
> > > You may want to try a strace of su:
> > >
> > > $ strace su
> > >
> > > Most of the times you will find your answer with strace.
> > >
> >
> > Man, that's a cool program! I ought to run that more often. :)
> >
> > Ok, anyway, I ran the program with both user accounts (to see if I
> > could figure anything out from the differences (after running 'diff'
> > on the output file, of course)) and have the full output in a file in
> > each account, and I also have a diff of the 2 files; so now my
> > question is, how do I decipher this? I mean, granted, I do know a
> > little programming, but a) C is the newest language that I've learned,
> > and I'm coming to the conclusion that just because I can write some
> > programs, that does not mean that I have any particularly great coding
> > skills (yet), and b) this stuff is *really* raw-- I'm having trouble
> > muddling through it.
>
> Well don't ask me! lol. I don't even speak C...
Oh. *blink* Ok, forget that then. :)

> Strace is nice to check if some lib is missing or some file is lost
> (or if some device can not be opened etc).

Oh. See, looking at it from a programming/hacking point of view, it struck me as being a really good tool to analyze programs and the OS. :)

>
> > Alright, now for the questions-- 1, is the diff any good, do you
> > think? I'm not finding any significant differences between the
> > files. 2, I'm kind of reluctant to post the files; granted, I can
> > chop out the passwords (that's the obvious one), but is there anything
> > else I should edit out of the files before posting them?
>
> Dunno :) Change your root pass to "yaddayadda" before strace'ing.

Ok. I just edited the file. Hopefully there's nothing that gives too much information about the system... No offense, it's not that I don't trust you or anyone else *in particular*, I just don't entirely trust everybody in general.

>
> > And 3, what
> > do you want me to post? All 3 files, just the one from the account
> > that's giving me problems, just the diff, or some other combination?
> > Sorry for being a pain about this stuff, but I'm kinda paranoid.
>
> The strace of the "faulty" su should be enough.
>

Ok. It's attached.

--
Vikki Roemer
Registered Linux user #2880021 http://counter.li.org/
"Quod scripsi, scripsi." [Latin, "What I have written, I have written."]
Homepage: http://compgrokker.tripod.com/

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d-(?) s: a--- C++++(++) UL++++ P+>++++ L+++>++++ E>++ W++ N+ o? K- w--() O? M? V?(-) PS+(+++) PE++(+++) Y+ PGP++ t+@ 5 X-() R*(?) tv-- b+++(++) DI+ D--(?) G e-(*)>+++++ h! r-- x?
------END GEEK CODE BLOCK------

[Archive note: when sanitising a trace like the attached one, replacing the typed password text is not enough by itself, because the return values of the read()/write() calls that carried it still record the original byte count, and the trace also shows the hostname, UID, tty and the start of /etc/passwd. Separately, a setuid program started under strace by an unprivileged user runs without its setuid privileges (the trace below shows geteuid32() = 1001 and EACCES on /etc/shadow), so the failure recorded here may not be the same one seen in a normal run.]
execve("/bin/su", ["su"], [/* 16 vars */]) = 0 uname({sys="Linux", node="Neuromancer", ...}) = 0 brk(0) = 0x80546bc access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=61997, ...}) = 0 old_mmap(NULL, 61997, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40012000 close(3) = 0 open("/lib/libcrypt.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\304\t\0"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0644, st_size=18188, ...}) = 0 old_mmap(NULL, 181052, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40022000 mprotect(0x40027000, 160572, PROT_NONE) = 0 old_mmap(0x40027000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x40027000 old_mmap(0x40028000, 156476, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40028000 close(3) = 0 open("/lib/libpam.so.0", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\24\0"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0644, st_size=29360, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4004f000 old_mmap(NULL, 32484, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40050000 mprotect(0x40057000, 3812, PROT_NONE) = 0 old_mmap(0x40057000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x40057000 close(3) = 0 open("/lib/libpam_misc.so.0", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\r\0"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0644, st_size=8460, ...}) = 0 old_mmap(NULL, 11584, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40058000 mprotect(0x4005a000, 3392, PROT_NONE) = 0 old_mmap(0x4005a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4005a000 close(3) = 0 open("/lib/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0K\27\0\000"..., 1024) = 1024 
fstat64(3, {st_mode=S_IFREG|0644, st_size=7992, ...}) = 0 old_mmap(NULL, 10924, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4005b000 mprotect(0x4005d000, 2732, PROT_NONE) = 0 old_mmap(0x4005d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4005d000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\311Z\1"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0755, st_size=1109068, ...}) = 0 old_mmap(NULL, 1125956, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4005e000 mprotect(0x40167000, 40516, PROT_NONE) = 0 old_mmap(0x40167000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x108000) = 0x40167000 old_mmap(0x4016d000, 15940, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4016d000 close(3) = 0 munmap(0x40012000, 61997) = 0 brk(0) = 0x80546bc brk(0x80556bc) = 0x80556bc brk(0x8056000) = 0x8056000 getuid32() = 1001 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x8054740, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory) open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x8055778, 0x400, 0xd) = 144 getdents64(0x3, 0x8055778, 0x400, 0xd) = 0 close(3) = 0 stat64("/dev/vc", 0xbffffa10) = -1 ENOENT (No such file or directory) stat64("/dev/tts", 0xbffffa10) = -1 ENOENT (No such file or directory) open("/dev", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 brk(0x8057000) = 0x8057000 getdents64(0x3, 0x8055778, 0x1000, 0) = 4088 getdents64(0x3, 
0x8055778, 0x1000, 0) = 4096 getdents64(0x3, 0x8055778, 0x1000, 0) = 4096 getdents64(0x3, 0x8055778, 0x1000, 0) = 4096 getdents64(0x3, 0x8055778, 0x1000, 0) = 4096 getdents64(0x3, 0x8055778, 0x1000, 0) = 4096 stat64("/dev/tty3", {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 close(3) = 0 socket(PF_UNIX, SOCK_STREAM, 0) = 3 connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=465, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 465 read(3, "", 4096) = 0 close(3) = 0 munmap(0x40012000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=61997, ...}) = 0 old_mmap(NULL, 61997, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40012000 close(3) = 0 open("/lib/libnss_compat.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\274\25"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0644, st_size=38900, ...}) = 0 old_mmap(NULL, 37844, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40171000 mprotect(0x4017a000, 980, PROT_NONE) = 0 old_mmap(0x4017a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x9000) = 0x4017a000 close(3) = 0 open("/lib/libnsl.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\224;\0"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0644, st_size=69132, ...}) = 0 old_mmap(NULL, 76448, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4017b000 mprotect(0x4018b000, 10912, PROT_NONE) = 0 old_mmap(0x4018b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10000) = 0x4018b000 old_mmap(0x4018c000, 6816, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4018c000 close(3) = 0 munmap(0x40012000, 61997) = 0 uname({sys="Linux", node="Neuromancer", ...}) = 0 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, 
F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=2220, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 _llseek(3, 0, [0], SEEK_CUR) = 0 read(3, "root:x:0:0:root:/root:/bin/sash\n"..., 4096) = 2220 close(3) = 0 munmap(0x40012000, 4096) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0xbffff8f0, 511) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 stat64("/dev/pts/", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts/", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80567c8, 0x400, 0xd) = 144 getdents64(0x3, 0x80567c8, 0x400, 0xd) = 0 close(3) = 0 stat64("/dev/vc/", 0xbffff4d0) = -1 ENOENT (No such file or directory) stat64("/dev/tts/", 0xbffff4d0) = -1 ENOENT (No such file or directory) open("/dev/", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 brk(0x8058000) = 0x8058000 getdents64(0x3, 0x80567c8, 0x1000, 0) = 4088 getdents64(0x3, 0x80567c8, 0x1000, 0) = 4096 getdents64(0x3, 0x80567c8, 0x1000, 0) = 4096 getdents64(0x3, 0x80567c8, 0x1000, 0) = 4096 getdents64(0x3, 0x80567c8, 0x1000, 0) = 4096 getdents64(0x3, 0x80567c8, 0x1000, 0) = 4096 stat64("/dev/tty3", {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0x40147fa7, [], 0x4000000}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, 
"\10\0\0\0\t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\342\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\7\3\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\10\3\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\t\3\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 getuid32() = 1001 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=2220, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 _llseek(3, 0, [0], SEEK_CUR) = 0 read(3, "root:x:0:0:root:/root:/bin/sash\n"..., 4096) = 2220 close(3) = 0 munmap(0x40012000, 4096) = 0 stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/etc/pam.d/su", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=1388, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 read(3, "#\n# The PAM configuration file f"..., 4096) = 1388 open("/lib/security/pam_rootok.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\6\0"..., 1024) = 1024 fstat64(4, {st_mode=S_IFREG|0644, st_size=3844, ...}) = 0 old_mmap(NULL, 6968, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40013000 mprotect(0x40014000, 2872, PROT_NONE) = 0 old_mmap(0x40014000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40014000 close(4) = 0 open("/lib/security/pam_unix.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\"\0"..., 1024) = 1024 fstat64(4, {st_mode=S_IFREG|0644, 
st_size=41412, ...}) = 0 old_mmap(NULL, 93732, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4018e000 mprotect(0x40198000, 52772, PROT_NONE) = 0 old_mmap(0x40198000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x9000) = 0x40198000 old_mmap(0x40199000, 48676, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40199000 close(4) = 0 read(3, "", 4096) = 0 close(3) = 0 munmap(0x40012000, 4096) = 0 open("/etc/pam.d/other", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=341, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 read(3, "#\n# /etc/pam.d/other - specify t"..., 4096) = 341 read(3, "", 4096) = 0 close(3) = 0 munmap(0x40012000, 4096) = 0 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=2220, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 _llseek(3, 0, [0], SEEK_CUR) = 0 read(3, "root:x:0:0:root:/root:/bin/sash\n"..., 4096) = 2220 close(3) = 0 munmap(0x40012000, 4096) = 0 rt_sigaction(SIGINT, {SIG_IGN}, {SIG_DFL}, 8) = 0 time(NULL) = 1040092030 getuid32() = 1001 getuid32() = 1001 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 rt_sigprocmask(SIG_BLOCK, [INT TSTP], [], 8) = 0 time([1040092030]) = 1040092030 write(2, "Password: ", 10) = 10 ioctl(0, SNDCTL_TMR_CONTINUE, {B38400 opost isig icanon -echo ...}) = 0 read(0, "foo\n", 511) = 9 ioctl(0, SNDCTL_TMR_STOP, {B38400 opost isig icanon echo ...}) = 0 write(2, "\n", 1) = 1 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ioctl(0, SNDCTL_TMR_STOP, {B38400 opost isig icanon echo ...}) = 0 brk(0x8059000) = 0x8059000 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=2220, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 _llseek(3, 0, [0], SEEK_CUR) = 0 read(3, "root:x:0:0:root:/root:/bin/sash\n"..., 4096) = 2220 close(3) = 0 munmap(0x40012000, 4096) = 0 open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) geteuid32() = 1001 pipe([3, 4]) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 fork() = 7793 write(4, "nonull\0\0", 8) = 8 write(4, "foo\0", 9) = 9 close(3) = 0 close(4) = 0 wait4(7793, [WIFEXITED(s) && WEXITSTATUS(s) == 1], 0, NULL) = 7793 rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 getuid32() = 1001 geteuid32() = 1001 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x8054740, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 144 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 0 close(3) = 0 stat64("/dev/vc", 0xbffff700) = -1 ENOENT (No such file or directory) stat64("/dev/tts", 0xbffff700) = -1 ENOENT (No such file or directory) open("/dev", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 brk(0x805a000) = 0x805a000 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4088 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 stat64("/dev/tty3", {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0x40147fa7, [], 0x4000000}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0\t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\342\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\7\3\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\10\3\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\t\3\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x8054740, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 144 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 0 close(3) = 0 stat64("/dev/vc", 0xbffff700) = -1 ENOENT (No such file or directory) stat64("/dev/tts", 0xbffff700) = -1 ENOENT (No such file or directory) open("/dev", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4088 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 
0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 stat64("/dev/tty3", {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0x40147fa7, [], 0x4000000}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0\t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\342\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\7\3\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\10\3\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\t\3\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x8054740, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 144 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 0 close(3) = 0 stat64("/dev/vc", 0xbffff6f4) = -1 ENOENT (No such file or directory) stat64("/dev/tts", 0xbffff6f4) = -1 ENOENT (No such file or directory) open("/dev", 
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4088 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 stat64("/dev/tty3", {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0x40147fa7, [], 0x4000000}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0\t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\342\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\7\3\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\10\3\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\t\3\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x8054740, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 
3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 144 getdents64(0x3, 0x80583d8, 0x400, 0xd) = 0 close(3) = 0 stat64("/dev/vc", 0xbffff6f4) = -1 ENOENT (No such file or directory) stat64("/dev/tts", 0xbffff6f4) = -1 ENOENT (No such file or directory) open("/dev", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4088 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 getdents64(0x3, 0x80583d8, 0x1000, 0xd) = 4096 stat64("/dev/tty3", {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0x40147fa7, [], 0x4000000}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0\t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\342\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\7\3\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\10\3\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\t\3\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 
close(3) = 0 brk(0x805b000) = 0x805b000 time([1040092036]) = 1040092036 open("/etc/localtime", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"..., 4096) = 1267 close(3) = 0 munmap(0x40012000, 4096) = 0 getpid() = 7792 rt_sigaction(SIGPIPE, {0x4011f48b, [], 0x4000000}, {SIG_DFL}, 8) = 0 socket(PF_UNIX, SOCK_DGRAM, 0) = 3 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 connect(3, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0 send(3, "<37>Dec 16 21:27:16 su(pam_unix)"..., 147, 0) = 147 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 select(0, NULL, NULL, NULL, {1, 781437}) = 0 (Timeout) time([1040092038]) = 1040092038 getpid() = 7792 rt_sigaction(SIGPIPE, {0x4011f48b, [], 0x4000000}, {SIG_DFL}, 8) = 0 socket(PF_UNIX, SOCK_DGRAM, 0) = 3 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 connect(3, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0 send(3, "<35>Dec 16 21:27:18 su[7792]: pa"..., 71, 0) = 71 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0 write(2, "su: Authentication failure\n", 27) = 27 munmap(0x40013000, 6968) = 0 munmap(0x4018e000, 93732) = 0 open("/etc/login.defs", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=9812, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 read(4, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096 read(4, " add the rest in the shell start"..., 4096) = 4096 read(4, "ontrol-U and beep continue to wo"..., 4096) = 1620 read(4, "", 4096) = 0 close(4) = 0 munmap(0x40012000, 4096) = 0 time([1040092038]) = 1040092038 getpid() = 7792 rt_sigaction(SIGPIPE, {0x4011f48b, [], 0x4000000}, {SIG_DFL}, 8) = 0 send(3, "<37>Dec 16 21:27:18 su[7792]: - "..., 54, 0) = 54 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 3), ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE, 
{B38400 opost isig icanon echo ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40012000 write(1, "Sorry.\n", 7) = 7 munmap(0x40012000, 4096) = 0 _exit(1) = ?