Linux进程跟踪:以CVE-2019-0232为例

strace -F -e vfork,execve java Main
public class Main{
  public static void main(String[] args) throws Exception{

    String [] cmd={"./arg.sh", "arg", "&", "dir"};
    Runtime.getRuntime().exec(cmd);
  }
}

参数解释:

-F: Trace child processes as they are created by currently traced processes as a result of the fork(2), vfork(2) and clone(2) system calls.

-F: 如果被trace的进程有创建新的子进程的话,trace被trace进程的子进程。

结果如下:

[pid 110090] execve("/bin/sh", ["/bin/sh", "./arg.sh", "arg", "&", "dir"], [/* 22 vars */] 

Linux进程跟踪:以CVE-2019-0232为例_第1张图片
参考:
https://xz.aliyun.com/t/4875

你可能感兴趣的:(java,Linux-Unix)