Thanx for the word of warning. You mention trailing junk chars below, which I was also interested in with cat -vetting the output. If we can see a syscall, that is (example: touch x; echo "#!/nosachfiel" >x; chmod 755; strace -e file ./x # no userspace syscall for the bad file :().

The only cheap and moderately quick Unix trick I can think of would be to e.g.

  1. unmount the nfs,
  2. remount (to avoid caching),
  3. mount --bind (to force the kernel to stat the interpreter path on some remote NFS; place the client binary on the mount source location to make this more realistic),
  4. start tcpdump (to catch the kernel red-handed when it is looking for the interpreter on NFS) and then
  5. run the script.

At least the NFS/pcap/tcpdump trick (or an alternative using FUSE/strace) would avoid the overhead of systemtap (C compilers&modprobe while working on all kernels regardless of configuration).

Diffing the hexdumps/ls -l, and checking the mount options should be pretty much what the kernel does itself, unless I've missed something interesting.

As looking for the interpreter in the shebang is kernel-internal only w/o return to userspace, the check of the interpreter should also escape notice when using any of the fakeroot stuff, both LD_PRELOAD and the newer ptrace-based ones. Ugh, another loop hole.

Any good ideas for tracing below strace in Linux (or BSD)? Like a simple-to-use-strace-style frontend to linux systemtap or the probes?

Last time I looked even the AIX4 trace-facility was way more 'quick-use-friendly' than systemtap and friends. And I've still to find a tapset to simulate the global-trace-overkill-from-hell (aka AIX trace-facility). And DTRACE isn't that different (though on Solaris proper I'd expect somewhat better integration in mainline kernels & having more documented examples).

In reply to lowerlevel tracing ideas? -- Re^5: bad interpreter error when running scripts off an NFS share by jakobi
in thread bad interpretor error when running scripts off an NFS share by GaijinPunch

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.