Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/bin/ps Minor fixes:
details: https://anonhg.NetBSD.org/src/rev/e2e4af7f0b22
branches: trunk
changeset: 467720:e2e4af7f0b22
user: bgrayson <bgrayson%NetBSD.org@localhost>
date: Sat Mar 27 21:38:08 1999 +0000
description:
Minor fixes:
1. Use statfs() to verify that /proc is a procfs.
2. Add -K option to disable /proc-based method.
3. Make warnings less verbose, but still accurate.
diffstat:
bin/ps/procfs_ops.c | 17 +++++++++++++++--
bin/ps/ps.1 | 25 +++++++++++++++++++------
bin/ps/ps.c | 48 ++++++++++++++++++++++--------------------------
3 files changed, 56 insertions(+), 34 deletions(-)
diffs (214 lines):
diff -r 95338e0116b3 -r e2e4af7f0b22 bin/ps/procfs_ops.c
--- a/bin/ps/procfs_ops.c Sat Mar 27 21:12:05 1999 +0000
+++ b/bin/ps/procfs_ops.c Sat Mar 27 21:38:08 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_ops.c,v 1.2 1999/03/27 15:22:17 tron Exp $ */
+/* $NetBSD: procfs_ops.c,v 1.3 1999/03/27 21:38:08 bgrayson Exp $ */
/*
* Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -38,6 +38,7 @@
#include <sys/cdefs.h>
#include <sys/param.h>
+#include <sys/mount.h>
#include <sys/sysctl.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -132,8 +133,19 @@
struct kinfo_proc *kp;
int mib[4];
size_t len;
+ struct statfs procfsstat;
- /* First, try to stat /proc/1/status. If we can't do
+ /* First, make sure that /proc is a procfs filesystem. */
+ if (statfs("/proc", &procfsstat)) {
+ warn("statfs on /proc failed");
+ return 0;
+ }
+ if (strcmp(procfsstat.f_fstypename, MOUNT_PROCFS)) {
+ warnx("/proc exists but does not have a procfs mounted on it.");
+ return 0;
+ }
+
+ /* Try to stat /proc/1/status. If we can't do
* that, then just return right away. */
if (stat("/proc/1/status", &statbuf)) {
warn("stat of /proc/1/status");
@@ -232,5 +244,6 @@
}
*cnt = knum;
+ close(procdirfd);
return kp;
}
diff -r 95338e0116b3 -r e2e4af7f0b22 bin/ps/ps.1
--- a/bin/ps/ps.1 Sat Mar 27 21:12:05 1999 +0000
+++ b/bin/ps/ps.1 Sat Mar 27 21:38:08 1999 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ps.1,v 1.30 1999/03/26 22:36:02 bgrayson Exp $
+.\" $NetBSD: ps.1,v 1.31 1999/03/27 21:38:08 bgrayson Exp $
.\"
.\" Copyright (c) 1980, 1990, 1991, 1993, 1994
.\" The Regents of the University of California. All rights reserved.
@@ -41,7 +41,7 @@
.Nd process status
.Sh SYNOPSIS
.Nm ""
-.Op Fl acCehjlmrSTuvwx
+.Op Fl acCehjKlmrSTuvwx
.Bk -words
.Op Fl M Ar core
.Ek
@@ -107,6 +107,10 @@
.It Fl j
Print information associated with the following keywords:
user, pid, ppid, pgid, sess, jobc, state, tt, time and command.
+.It Fl K
+Disable the fallback /proc-based method. Note that the /proc-based method
+is only used if the ordinary kvm method is not possible. See below for more
+details.
.It Fl L
List the set of available keywords.
.It Fl l
@@ -186,6 +190,11 @@
Also display information about processes without controlling terminals.
.El
.Pp
+.\" XXX IMPORTANT: If/when the /proc-based code is pulled out,
+.\" remove all references to the -K option, and the paragraph
+.\" below. It might be a good idea to keep -K around for one
+.\" release, and have it print a warning that -K is deprecated.
+.\" - bgrayson
If
.Nm
is unable to extract process information directly from the
@@ -201,10 +210,14 @@
.Dq Pa /proc
filesystem is mounted. See
.Xr mount_procfs 8
-for more details. Note that this will only produce correct
-results if the /proc filesystem is secure (for example, no intruder
-has mounted something else on top of it). This experimental
-fallback method will change in future releases.
+for more details.
+.Nm
+verifies that
+.Dq Pa /proc
+is a procfs filesystem before proceeding. This experimental
+fallback method will change in future releases. The
+.Fl K
+option disables this fallback /proc-based lookup.
.Pp
A complete list of the available keywords are listed below.
Some of these keywords are further specified as follows:
diff -r 95338e0116b3 -r e2e4af7f0b22 bin/ps/ps.c
--- a/bin/ps/ps.c Sat Mar 27 21:12:05 1999 +0000
+++ b/bin/ps/ps.c Sat Mar 27 21:38:08 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ps.c,v 1.27 1999/03/26 22:36:02 bgrayson Exp $ */
+/* $NetBSD: ps.c,v 1.28 1999/03/27 21:38:08 bgrayson Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)ps.c 8.4 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: ps.c,v 1.27 1999/03/26 22:36:02 bgrayson Exp $");
+__RCSID("$NetBSD: ps.c,v 1.28 1999/03/27 21:38:08 bgrayson Exp $");
#endif
#endif /* not lint */
@@ -82,6 +82,7 @@
int eval; /* exit value */
int rawcpu; /* -C */
int sumrusage; /* -S */
+int dontuseprocfs=0; /* -K */
int termwidth; /* width of screen (0 == infinity) */
int totwidth; /* calculated width of requested variables */
@@ -137,7 +138,7 @@
flag = getuid();
memf = nlistf = swapf = NULL;
while ((ch = getopt(argc, argv,
- "acCeghjLlM:mN:O:o:p:rSTt:U:uvW:wx")) != -1)
+ "acCeghjKLlM:mN:O:o:p:rSTt:U:uvW:wx")) != -1)
switch((char)ch) {
case 'a':
what = KERN_PROC_ALL;
@@ -162,6 +163,9 @@
fmt = 1;
jfmt[0] = '\0';
break;
+ case 'K':
+ dontuseprocfs=1;
+ break;
case 'L':
showkey();
exit(0);
@@ -320,6 +324,11 @@
*/
if ((kp = kvm_getprocs(kd, what, flag, &nentries)) == 0)
{
+ /* If/when the /proc-based code is ripped out
+ * again, make sure all references to the -K
+ * option are also pulled (getopt(), usage(),
+ * man page). See the man page comments about
+ * this for more details. */
/* sysctl() ought to provide some sort of
* always-working-but-minimal-functionality
* method of providing at least some of the
@@ -330,33 +339,20 @@
* mounted) to grab as much information as we can.
* The guts of emulating kvm_getprocs() is in
* the file procfs_ops.c. */
- warnx("%s.\n %s", kvm_geterr(kd),
- "Attempting experimental, insecure /proc-based method.");
+ warnx("%s.", kvm_geterr(kd));
+ if (dontuseprocfs) {
+ exit(1);
+ }
/* procfs_getprocs supports all but the
* KERN_PROC_RUID flag. */
kp=procfs_getprocs(what, flag, &nentries);
if (kp == 0) {
- errx(1, "/proc-based lookup also failed. Giving up...");
+ errx(1, "fallback /proc-based lookup also failed. %s",
+ "Giving up...");
}
- /* An intruder could have put an ordinary filesystem
- * on /proc, and keep updating it to make
- * it look like it's the real /proc, when in
- * reality they are hiding information about
- * some trojan processes that are running.
- * Should we walk the mounted-filesystems table
- * to figure out whether /proc is mounted with
- * nothing mounted on top of it? For now, just
- * print a verbose warning. XXX bgrayson */
- fprintf(stderr, "%s%s%s%s%s%s%s%s%s",
- "*****************************************\n",
- "Warning: /proc does not provide sufficient ",
- "information to provide\n",
- "valid data for all fields.\n",
- "1. Several fields (like ",
- "STAT and TIME) will be incorrect.\n",
- "2. If your system may be compromised, ",
- "verify that /proc is secure\n",
- " before trusting these results.\n");
+ fprintf(stderr, "%s%s",
+ "Warning: /proc does not provide ",
+ "valid data for all fields.\n");
}
if ((kinfo = malloc(nentries * sizeof(*kinfo))) == NULL)
err(1, "%s", "");
@@ -535,7 +531,7 @@
(void)fprintf(stderr,
"usage:\t%s\n\t %s\n\t%s\n",
- "ps [-aChjlmrSTuvwx] [-O|o fmt] [-p pid] [-t tty]",
+ "ps [-aChjKlmrSTuvwx] [-O|o fmt] [-p pid] [-t tty]",
"[-M core] [-N system] [-W swap]",
"ps [-L]");
exit(1);
Home |
Main Index |
Thread Index |
Old Index