Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Feb 2020 12:57:00 +0300
From: Alexander Scherbatiy <>
To:, Rich Felker <>
Subject: Re: fopen with "e" mode to close file descriptor in exec... functions

Just a question about lsof options. On Ubuntu "lsof -q" gives: "lsof:
illegal option character: q".
Shouldn't busybox "lsof -p" give the similar error message?

Is there an open request to support "lsof -p" option in busybox?


On 08.02.2020 19:19, Rich Felker wrote:
> On Sat, Feb 08, 2020 at 10:45:10AM +0300, Alexander Scherbatiy wrote:
>> Below are steps to reproduce it in docker, logs from docker and strace log.
>>> docker run --rm -it alpine:3.11.3 ash
>>> apk add gcc
>>> apk add libc-dev
>> Copy the posix_spawn_sample.c code below (note it uses "ash" in 'char
>> *argv[] = {"ash", ,,,}' for posix_spawn on Alpine Linux )
>>> gcc -o posix_spawn_sample posix_spawn_sample.c
>>> ./posix_spawn_sample
>> --- output ---
>> / # ./posix_spawn_sample
>> Child pid: 17
>> PID=17
>> 1 /bin/busybox /dev/pts/0
>> 1 /bin/busybox /dev/pts/0
>> 1 /bin/busybox /dev/pts/0
>> 1 /bin/busybox /dev/tty
>> 16 /posix_spawn_sample /dev/pts/0
>> 16 /posix_spawn_sample /dev/pts/0
>> 16 /posix_spawn_sample /dev/pts/0
>> 16 /posix_spawn_sample /test.log
>> ----------------
>> Note that "test.log" file is listed by "lsof -p PID" command.
> It's listed as being owned by pid 16, the parent, not pid 17, the
> child. That's expected. At first I didn't understand why lsof -p is
> showing these additional pids (parent and init) in addition to the
> requested one. But it seems since you're using Docker those are the
> *only* pids running, and you just hit the issue that busybox lsof does
> not support -p (or any options at all) and always lists all open files
> for all processes.
> It would be a lot better to have your test do like I suggested and ls
> -l /proc/$$/fd rather than running lsof. Then you will very clearly
> that the log file is not open. Or even run an interactive shell as the
> child so you can explore /proc yourself from it.
> Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.