This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 186637 - lsof -c long-command-name fails
lsof -c long-command-name fails
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: lsof (Show other bugs)
5
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Karel Zak
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-24 16:32 EST by Jon Burgess
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-26 07:54:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Program to test a fake process name (673 bytes, text/plain)
2006-03-31 14:13 EST, Jon Burgess
no flags Details

  None (edit)
Description Jon Burgess 2006-03-24 16:32:07 EST
Description of problem:
"lsof -c long-command-name" fails if the command is more than 16 characters long

Version-Release number of selected component (if applicable):
lsof-4.76-2

How reproducible:
Every time

Steps to Reproduce:
1. Find a running process with a long name 
2. lsof -c <process name>
3. If nothing is produced, trim off a few characters from the name and try again.
  
Actual results:
[root@shark beagle]# lsof -c cups-config-daemon
[root@shark beagle]# lsof -c cups-config-daem
[root@shark beagle]# lsof -c cups-config-da
COMMAND    PID USER   FD   TYPE             DEVICE    SIZE    NODE NAME
cups-conf 2726 root  cwd    DIR              253,0    4096       2 /
cups-conf 2726 root  rtd    DIR              253,0    4096       2 /
cups-conf 2726 root  txt    REG              253,0   24304 2135449
/usr/bin/cups-config-daemon
...

Same with beagle-index-daemon:
[root@shark beagle]# lsof -c beagle-build-index
[root@shark beagle]# lsof -c beagle-build-inde
[root@shark beagle]# lsof -c beagle-build-ind
[root@shark beagle]# lsof -c beagle-build-in
COMMAND     PID        USER   FD   TYPE DEVICE     SIZE    NODE NAME
beagle-bu 21856 beagleindex  cwd    DIR  253,3     4096 6799361 /store/video0/vdr
beagle-bu 21856 beagleindex  rtd    DIR  253,0     4096       2 /


Expected results:
It should find the process even if I specify more than the first 15 characters
of the process name.

Additional info:
kernel-2.6.15-1.2054_FC5
Comment 1 Jon Burgess 2006-03-24 17:45:27 EST
It seems lsof reads the name via /proc/<pid>/stat which in turn reads it from
the kernel task structure which only keeps the first 15 characters of the
process name. lsof will be out of luck ever finding a process name of more than
15 characters. Shouldn't lsof at least give a warning? Or it could try to
truncate the name or match /proc/<pid>/cmdline which has the full name.

from include/linux/sched.h:

/* Task command name length */
#define TASK_COMM_LEN 16

struct task_struct {
...
	char comm[TASK_COMM_LEN]; /* executable name excluding path
Comment 2 Karel Zak 2006-03-27 07:07:38 EST
I don't think that /proc/<pid>/cmdline is a good idea, because applications are
able to modify their argv[]. It means /proc/<pid>/cmdline is not reliable and
stable. 

The problem is that lsof tries to use command name which is longer that by
system (kernel) supported names. I think the lsof command should be give a
warning ("too long command name") or cut the argument from -c to maximal length
which is supported by dialect (for linux is it 15 bytes). 

I will try to resolve it with upstream maintainer. Thanks for your report.
Comment 3 Jon Burgess 2006-03-31 14:13:08 EST
Created attachment 127148 [details]
Program to test a fake process name

Ok, thanks.  I thought you might be interested to know that the kernel lets a
process overwrite the main process name too so that isn't much more reliable
than argv[0]. Here is the output of the test program attached which spoofs
"FAKE!" as the process name to both ps and lsof:

[jburgess@shark lsof]$ ./foo
  PID TTY	   TIME CMD
 9973 pts/8    00:00:00 FAKE!
COMMAND  PID	 USER	FD   TYPE DEVICE    SIZE    NODE NAME
FAKE!	9973 jburgess  cwd    DIR  253,1    4096 2066861 /home/jburgess/lsof
FAKE!	9973 jburgess  rtd    DIR  253,0    4096       2 /
FAKE!	9973 jburgess  txt    REG  253,1    7781 1212430
/home/jburgess/lsof/foo
FAKE!	9973 jburgess  mem    REG    0,0	       0 [heap] (stat: No such
file or directory)
FAKE!	9973 jburgess  mem    REG  253,0  130200  753703 /lib64/ld-2.4.so
FAKE!	9973 jburgess  mem    REG  253,0 1653456  753738 /lib64/libc-2.4.so
...

I wonder whether selinux ought to have a policy to stop prctl(PR_SET_NAME).
Comment 4 Karel Zak 2006-05-24 07:11:50 EDT
Upstream changelog: 

4.77 April 10, 2006
                Based on a bug report from Karel Zak <kzak@redhat.com>
                added command name length checking to as many dialects
                as possible (Linux for Karel) for the "-c c" option.

Example:

# lsof -c gnome-screensaver
lsof: "-c gnome-screensaver" length (17) > what system provides (15)





Note You need to log in before you can comment on or make changes to this bug.