reverie-rs / reverie

trace and intercept linux syscalls.

Compare systrace against fsatrace, bigbro, traced-fs #38

Open rrnewton opened 5 years ago

rrnewton commented 5 years ago

I don't think we're close to a "release" (i.e. advertising systrace more widely) yet.

But with a future release in mind, it would be good to have a piece of documentation somewhere comparing against these other tracing methods.

rrnewton commented 5 years ago

With all these names that have "trace" as a suffix, I was wondering if there is something that characterizes what systrace does better than "sys". Alas it looks like "bintrace" is taken...

wangbj commented 5 years ago

It's hard to find a good name; I chose it without too much thought. Please suggest one if you find anything better :)

wangbj commented 5 years ago

traced-fs hasn't had any updates for 3+ years; I assume it was succeeded by fsatrace. fsatrace is based on `LD_PRELOAD`, and it also only traces several filesystem-related syscalls (interestingly, it also `LD_PRELOAD`s `fopen`, which is a libc function). So it has the limitations of `LD_PRELOAD`, such as:

wangbj commented 5 years ago

bigbro seems to use a similar approach to detTrace, using seccomp and ptrace. Like fsatrace, it only traps filesystem-related APIs, and patching is a non-goal as far as I can see.