Description of problem: "lsof -c long-command-name" fails if the command is more than 16 characters long Version-Release number of selected component (if applicable): lsof-4.76-2 How reproducible: Every time Steps to Reproduce: 1. Find a running process with a long name 2. lsof -c <process name> 3. If nothing is produced, trim off a few characters from the name and try again. Actual results: [root@shark beagle]# lsof -c cups-config-daemon [root@shark beagle]# lsof -c cups-config-daem [root@shark beagle]# lsof -c cups-config-da COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME cups-conf 2726 root cwd DIR 253,0 4096 2 / cups-conf 2726 root rtd DIR 253,0 4096 2 / cups-conf 2726 root txt REG 253,0 24304 2135449 /usr/bin/cups-config-daemon ... Same with beagle-index-daemon: [root@shark beagle]# lsof -c beagle-build-index [root@shark beagle]# lsof -c beagle-build-inde [root@shark beagle]# lsof -c beagle-build-ind [root@shark beagle]# lsof -c beagle-build-in COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME beagle-bu 21856 beagleindex cwd DIR 253,3 4096 6799361 /store/video0/vdr beagle-bu 21856 beagleindex rtd DIR 253,0 4096 2 / Expected results: It should find the process even if I specify more than the first 15 characters of the process name. Additional info: kernel-2.6.15-1.2054_FC5
It seems lsof reads the name via /proc/<pid>/stat which in turn reads it from the kernel task structure which only keeps the first 15 characters of the process name. lsof will be out of luck ever finding a process name of more than 15 characters. Shouldn't lsof at least give a warning? Or it could try to truncate the name or match /proc/<pid>/cmdline which has the full name. from include/linux/sched.h: /* Task command name length */ #define TASK_COMM_LEN 16 struct task_struct { ... char comm[TASK_COMM_LEN]; /* executable name excluding path
I don't think that /proc/<pid>/cmdline is a good idea, because applications are able to modify their argv[]. It means /proc/<pid>/cmdline is not reliable and stable. The problem is that lsof tries to use command name which is longer that by system (kernel) supported names. I think the lsof command should be give a warning ("too long command name") or cut the argument from -c to maximal length which is supported by dialect (for linux is it 15 bytes). I will try to resolve it with upstream maintainer. Thanks for your report.
Created attachment 127148 [details] Program to test a fake process name Ok, thanks. I thought you might be interested to know that the kernel lets a process overwrite the main process name too so that isn't much more reliable than argv[0]. Here is the output of the test program attached which spoofs "FAKE!" as the process name to both ps and lsof: [jburgess@shark lsof]$ ./foo PID TTY TIME CMD 9973 pts/8 00:00:00 FAKE! COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME FAKE! 9973 jburgess cwd DIR 253,1 4096 2066861 /home/jburgess/lsof FAKE! 9973 jburgess rtd DIR 253,0 4096 2 / FAKE! 9973 jburgess txt REG 253,1 7781 1212430 /home/jburgess/lsof/foo FAKE! 9973 jburgess mem REG 0,0 0 [heap] (stat: No such file or directory) FAKE! 9973 jburgess mem REG 253,0 130200 753703 /lib64/ld-2.4.so FAKE! 9973 jburgess mem REG 253,0 1653456 753738 /lib64/libc-2.4.so ... I wonder whether selinux ought to have a policy to stop prctl(PR_SET_NAME).
Upstream changelog: 4.77 April 10, 2006 Based on a bug report from Karel Zak <kzak> added command name length checking to as many dialects as possible (Linux for Karel) for the "-c c" option. Example: # lsof -c gnome-screensaver lsof: "-c gnome-screensaver" length (17) > what system provides (15)