Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 10 Feb 2020 09:56:55 -0500
From: Rich Felker <dalias@...c.org>
To: Alexander Scherbatiy <alexander.scherbatiy@...l-sw.com>
Cc: musl@...ts.openwall.com
Subject: Re: fopen with "e" mode to close file descriptor in exec...
 functions

On Mon, Feb 10, 2020 at 12:57:00PM +0300, Alexander Scherbatiy wrote:
> Just a question about lsof options. On Ubuntu "lsof -q" gives: "lsof:
> illegal option character: q".
> Shouldn't busybox "lsof -p" give the similar error message?
> 
> Is there an open request to support "lsof -p" option in busybox?

You could just install the full lsof with "apk add lsof". But there's
also a busybox bugtracker you could request it on. I think at least if
they're not going to support the options, busybox should error out on
them rather than ignoring them.

Rich


> On 08.02.2020 19:19, Rich Felker wrote:
> > On Sat, Feb 08, 2020 at 10:45:10AM +0300, Alexander Scherbatiy wrote:
> >> Below are steps to reproduce it in docker, logs from docker and strace log.
> >>
> >>> docker run --rm -it alpine:3.11.3 ash
> >>> apk add gcc
> >>> apk add libc-dev
> >> Copy the posix_spawn_sample.c code below (note it uses "ash" in 'char
> >> *argv[] = {"ash", ,,,}' for posix_spawn on Alpine Linux )
> >>
> >>> gcc -o posix_spawn_sample posix_spawn_sample.c
> >>> ./posix_spawn_sample
> >> --- output ---
> >> / # ./posix_spawn_sample
> >> Child pid: 17
> >> PID=17
> >> 1 /bin/busybox /dev/pts/0
> >> 1 /bin/busybox /dev/pts/0
> >> 1 /bin/busybox /dev/pts/0
> >> 1 /bin/busybox /dev/tty
> >> 16 /posix_spawn_sample /dev/pts/0
> >> 16 /posix_spawn_sample /dev/pts/0
> >> 16 /posix_spawn_sample /dev/pts/0
> >> 16 /posix_spawn_sample /test.log
> >> ----------------
> >>
> >> Note that "test.log" file is listed by "lsof -p PID" command.
> > It's listed as being owned by pid 16, the parent, not pid 17, the
> > child. That's expected. At first I didn't understand why lsof -p is
> > showing these additional pids (parent and init) in addition to the
> > requested one. But it seems since you're using Docker those are the
> > *only* pids running, and you just hit the issue that busybox lsof does
> > not support -p (or any options at all) and always lists all open files
> > for all processes.
> >
> > It would be a lot better to have your test do like I suggested and ls
> > -l /proc/$$/fd rather than running lsof. Then you will very clearly
> > that the log file is not open. Or even run an interactive shell as the
> > child so you can explore /proc yourself from it.
> >
> > Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.