Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Feb 2020 09:56:55 -0500
From: Rich Felker <dalias@...c.org>
To: Alexander Scherbatiy <alexander.scherbatiy@...l-sw.com>
Cc: musl@...ts.openwall.com
Subject: Re: fopen with "e" mode to close file descriptor in exec...
 functions

On Mon, Feb 10, 2020 at 12:57:00PM +0300, Alexander Scherbatiy wrote:
> Just a question about lsof options. On Ubuntu "lsof -q" gives: "lsof:
> illegal option character: q".
> Shouldn't busybox "lsof -p" give the similar error message?
> 
> Is there an open request to support "lsof -p" option in busybox?

You could just install the full lsof with "apk add lsof". But there's
also a busybox bugtracker you could request it on. I think at least if
they're not going to support the options, busybox should error out on
them rather than ignoring them.

Rich


> On 08.02.2020 19:19, Rich Felker wrote:
> > On Sat, Feb 08, 2020 at 10:45:10AM +0300, Alexander Scherbatiy wrote:
> >> Below are steps to reproduce it in docker, logs from docker and strace log.
> >>
> >>> docker run --rm -it alpine:3.11.3 ash
> >>> apk add gcc
> >>> apk add libc-dev
> >> Copy the posix_spawn_sample.c code below (note it uses "ash" in 'char
> >> *argv[] = {"ash", ,,,}' for posix_spawn on Alpine Linux )
> >>
> >>> gcc -o posix_spawn_sample posix_spawn_sample.c
> >>> ./posix_spawn_sample
> >> --- output ---
> >> / # ./posix_spawn_sample
> >> Child pid: 17
> >> PID=17
> >> 1 /bin/busybox /dev/pts/0
> >> 1 /bin/busybox /dev/pts/0
> >> 1 /bin/busybox /dev/pts/0
> >> 1 /bin/busybox /dev/tty
> >> 16 /posix_spawn_sample /dev/pts/0
> >> 16 /posix_spawn_sample /dev/pts/0
> >> 16 /posix_spawn_sample /dev/pts/0
> >> 16 /posix_spawn_sample /test.log
> >> ----------------
> >>
> >> Note that "test.log" file is listed by "lsof -p PID" command.
> > It's listed as being owned by pid 16, the parent, not pid 17, the
> > child. That's expected. At first I didn't understand why lsof -p is
> > showing these additional pids (parent and init) in addition to the
> > requested one. But it seems since you're using Docker those are the
> > *only* pids running, and you just hit the issue that busybox lsof does
> > not support -p (or any options at all) and always lists all open files
> > for all processes.
> >
> > It would be a lot better to have your test do like I suggested and ls
> > -l /proc/$$/fd rather than running lsof. Then you will very clearly
> > that the log file is not open. Or even run an interactive shell as the
> > child so you can explore /proc yourself from it.
> >
> > Rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.