Bug 186637
Summary: | lsof -c long-command-name fails | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jon Burgess <jburgess777> | ||||
Component: | lsof | Assignee: | Karel Zak <kzak> | ||||
Status: | CLOSED ERRATA | QA Contact: | Brock Organ <borgan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 5 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2006-05-26 11:54:09 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Jon Burgess
2006-03-24 21:32:07 UTC
It seems lsof reads the name via /proc/<pid>/stat which in turn reads it from the kernel task structure which only keeps the first 15 characters of the process name. lsof will be out of luck ever finding a process name of more than 15 characters. Shouldn't lsof at least give a warning? Or it could try to truncate the name or match /proc/<pid>/cmdline which has the full name. from include/linux/sched.h: /* Task command name length */ #define TASK_COMM_LEN 16 struct task_struct { ... char comm[TASK_COMM_LEN]; /* executable name excluding path I don't think that /proc/<pid>/cmdline is a good idea, because applications are able to modify their argv[]. It means /proc/<pid>/cmdline is not reliable and stable. The problem is that lsof tries to use command name which is longer that by system (kernel) supported names. I think the lsof command should be give a warning ("too long command name") or cut the argument from -c to maximal length which is supported by dialect (for linux is it 15 bytes). I will try to resolve it with upstream maintainer. Thanks for your report. Created attachment 127148 [details]
Program to test a fake process name
Ok, thanks. I thought you might be interested to know that the kernel lets a
process overwrite the main process name too so that isn't much more reliable
than argv[0]. Here is the output of the test program attached which spoofs
"FAKE!" as the process name to both ps and lsof:
[jburgess@shark lsof]$ ./foo
PID TTY TIME CMD
9973 pts/8 00:00:00 FAKE!
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
FAKE! 9973 jburgess cwd DIR 253,1 4096 2066861 /home/jburgess/lsof
FAKE! 9973 jburgess rtd DIR 253,0 4096 2 /
FAKE! 9973 jburgess txt REG 253,1 7781 1212430
/home/jburgess/lsof/foo
FAKE! 9973 jburgess mem REG 0,0 0 [heap] (stat: No such
file or directory)
FAKE! 9973 jburgess mem REG 253,0 130200 753703 /lib64/ld-2.4.so
FAKE! 9973 jburgess mem REG 253,0 1653456 753738 /lib64/libc-2.4.so
...
I wonder whether selinux ought to have a policy to stop prctl(PR_SET_NAME).
Upstream changelog: 4.77 April 10, 2006 Based on a bug report from Karel Zak <kzak> added command name length checking to as many dialects as possible (Linux for Karel) for the "-c c" option. Example: # lsof -c gnome-screensaver lsof: "-c gnome-screensaver" length (17) > what system provides (15) |