With the commit referenced below a nasty bug affecting
aix parsing was swatted. Beyond the bug, the logic was
enhanced to disallow commas in the format string since
they would otherwise be shown with their field's data.
However, there remained many characters other than ','
that could survive the edits to then be shown adjacent
to the data. Well, with this patch they won't anymore!
[ along the way we will no longer try to forgive the ]
[ use of a double '%%' prefix since that resulted in ]
[ display of one '%' and field code instead of data. ]
Reference(s):
. March, 2022 - restored aix bahavior
commit f0b7fd31db
Signed-off-by: Jim Warner <james.warner@comcast.net>
[ since our'master' branch will suffer the same fate ]
[ this was ported from a patch created for 'newlib'. ]
-------------------------- original newlib commit text
-------------------------- (showing our master commit)
The commit shown below broke the aix behavior that Dr.
Fink recently reported. However, in the proposed patch
the old behavior, showing garbage when '%cpu' was used
with an invalid formatting option, would appear again.
So this patch, based on Werner's patch, goes the extra
distance to prevent that. Along the way we'll disallow
commas in the aix format str to prevent their display.
Reference(s):
https://www.freelists.org/post/procps/Procpsng-400-released-with-newlib,2
. Mar, 2022 - where aix bug was introduced
commit 05187e4f17
Prototyped-by: Dr. Werner Fink <werner@suse.de>
Signed-off-by: Jim Warner <james.warner@comcast.net>
[ the original newlib commit message(s) appear below ]
----------------------------------------- newlib patch
ps: swat insidious bug with the %cpu' format specifier
Whoa, my head really hurts but this commit should help
with a speedy recovery hopefully, after it is applied.
If the '%cpu' field is used as a format specifier with
that 'o' option, you will encounter a SIGSEGV if there
is also an invalid argument on that same command line.
For example, try 'ps/pscommand -o %cpu,x' with newlib.
With any format specifier other than the '%cpu', there
is an error message, as would happen with '-o pcpu,x'.
For a 3.3.17 version of ps, there's no abend. Instead,
the program will just display a bunch of gobbledygook.
This boo-boo was found to exist as far back as v3.3.0.
[ ok, i am starting to feel very much better already ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
Form its inception (back in May of 2011), escaped_copy
has always been a flawed function. It does not operate
on 'escaped' strings but instead treats all input as a
regular string incapable of containing utf8 sequences.
As such, it should only be used for strings guaranteed
to NOT contain multibyte characters (like supgid). For
all other strings, which could contain utf8 stuff, the
correct function should have been that escape_str guy.
So this commit changes nearly every escaped_copy call.
[ note: unlike the newlib guy, the master ps program ]
[ cannot properly handle utf8 multibyte sequences in ]
[ in the recently introduced 'exe' field shown below ]
Reference(s):
. Jun 2018, introduced 'exe' field
commit b556bf5ba8
. May 2011, original escaped_copy (cmdline, cgroup)
commit 7b0fc19e9d
Signed-off-by: Jim Warner <james.warner@comcast.net>
Use NULL in format_array to indicate that the print function shall be
used also for sorting. Change sr_nop() to NULL for all fields which
don't use pr_nop() for printing.
Before the commit (note that '--sort label' has no effect: the rows
are not sorted according to label field):
$ ps -A -o command,label --sort label | grep /lib/systemd
/lib/systemd/systemd-journa system_u:system_r:syslogd_t:s0
/lib/systemd/systemd-udevd system_u:system_r:udev_t:s0-s0:c0.c1023
/lib/systemd/systemd-networ system_u:system_r:systemd_networkd_t:s0
/lib/systemd/systemd-resolv system_u:system_r:systemd_resolved_t:s0
/lib/systemd/systemd-timesy system_u:system_r:ntpd_t:s0
/lib/systemd/systemd-logind system_u:system_r:systemd_logind_t:s0
/lib/systemd/systemd --user user_u:user_r:user_t:s0
/lib/systemd/systemd --user root:sysadm_r:sysadm_t:s0-s0:c0.c1023
grep /lib/systemd user_u:user_r:user_t:s0
After the commit, '--sort label' works and the output is sorted:
$ ps -A -o command,label --sort label | grep /lib/systemd
/lib/systemd/systemd --user root:sysadm_r:sysadm_t:s0-s0:c0.c1023
/lib/systemd/systemd-timesy system_u:system_r:ntpd_t:s0
/lib/systemd/systemd-journa system_u:system_r:syslogd_t:s0
/lib/systemd/systemd-logind system_u:system_r:systemd_logind_t:s0
/lib/systemd/systemd-networ system_u:system_r:systemd_networkd_t:s0
/lib/systemd/systemd-resolv system_u:system_r:systemd_resolved_t:s0
/lib/systemd/systemd-udevd system_u:system_r:udev_t:s0-s0:c0.c1023
/lib/systemd/systemd --user user_u:user_r:user_t:s0
grep /lib/systemd user_u:user_r:user_t:s0
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
With glibc, each time the strftime() function is used (twice per process
in a typical ps -fe run), a stat("/etc/localtime") system call is used
to determine the timezone. Not only does this add extra system call
overhead, but when multiple ps processes are trying to access this
file (or multiple glibc programs using strftime) in parallel, this can
trigger significant lock contention within the OS kernel.
Since ps is not intended to run for long periods of time as a
daemon (during which the system timezone could be altered and PS might
reasonably be expected to adapt its output), there is no benefit to
repeatedly doing this stat(). To stop this behavior, explicitly set the
TZ variable to its default value (:/etc/localtime) whenever it is unset.
glibc will then cache the stat() result.
The referenced commit the comm length was increased from 16 to 64
characters to handle the larger command names for things like kernel
threads.
However most user processes are limited to 15 characters which means
if you try something like ps -C myprogramisbiggerthansixteen this would
fail to match because /proc/<PID>/comm would only be myprogramisbigg
ps now checks the comm length and if it is 15 and if the given match
is 15 or more, it will only match the first 15 characters.
This is also how killall has worked for about a year.
Thanks to Jean Delvare <jdelvare@suse.de> for the note.
References:
commit 14005a371e
commit psmisc/psmisc@1188315cd0
Signed-off-by: Craig Small <csmall@dropbear.xyz>
A Qualys audit patch, represented in the commit below,
added the _exit() call to our abnormal signal handler.
Unfortunately, that disabled the associated core dump.
This patch restores expected behavior of those signals
whose default produces a core dump file + termination.
Reference(s):
commit 2e4a594221
Signed-off-by: Jim Warner <james.warner@comcast.net>
Previous versions of ps used to only match on the first 15 characters
because that's what the kernel used to provide. Newer kernels have a
longer length for this field so procps has been updated to suit.
References:
procps-ng/procps#101https://bugzilla.suse.com/show_bug.cgi?id=1099091
The library now presents command names up to 64 characters, in line with
the kernel changes. ps command name selection (the -C option) now also
is 64 characters long.
References:
commit 2cfdbbe897
To avoid an out-of-bounds access at checkoff[tmp]. The strspn() at the
beginning of the function protects against it already, but double-check
this in case of some future change.
Right now, "we _exit() anyway" is not always true: for example, the
default action for SIGURG is to ignore the signal, which means that
"kill(getpid(), signo);" does not terminate the process. Call _exit()
explicitly, in this case (rather than exit(), because the terminating
kill() calls do not call the functions registered with atexit() either).
Before "strlen(outbuf)", if one of the pr_*() functions forgot to do it.
This prevents an out-of-bounds read in strlen(), and an out-of-bounds
write in "outbuf[sz] = '\n'". Another solution would be to replace
strlen() with strnlen(), but this is not used anywhere else in the
code-base and may not exist in all libc's.
pr_bsdstart(): Replace "strcpy(outbuf," with "snprintf(outbuf, COLWID,"
(which is used in all surrounding functions). (side note: the fact that
many pr_*() functions simply return "snprintf(outbuf, COLWID," justifies
the "amount" checks added to show_one_proc() by the "ps/output.c:
Replace strcpy() with snprintf() in show_one_proc()." patch)
pr_stime(): Check the return value of strftime() (in case of an error,
"the contents of the array are undefined").
help_pr_sig(): Handle the "len < 8" case, otherwise "sig+len-8" may
point outside the sig string.
pr_context(): Handle the empty string case, or else "outbuf[len-1]"
points outside outbuf.
Enforce a maximum max_rightward of OUTBUF_SIZE-1, because it is used in
constructs such as "snprintf(outbuf, max_rightward+1," (we could remove
the extra check at the beginning of forest_helper() now, but we decided
to leave it, as a precaution and reminder).
The minimum max_rightward check is not strictly needed, because it is
unsigned. However, we decided to add it anyway:
- most of the other variables are signed;
- make it visually clear that this case is properly handled;
- ideally, the minimum max_rightward should be 1, not 0 (to prevent
integer overflows such as "max_rightward-1"), but this might change
the behavior/output of ps, so we decided against it, for now.
Instead, we fixed the only function that overflows if max_rightward is
0. Also, enforce the same safe range for max_leftward, although it is
never used throughout the code-base.
1/ Do not go deeper than the size of forest_prefix[], to prevent a
buffer overflow (sizeof(forest_prefix) is roughly 128K, but the maximum
/proc/sys/kernel/pid_max is 4M). (actually, we go deeper, but we stop
adding bytes to forest_prefix[])
2/ Always null-terminate forest_prefix[] at the current level.
This patch solves several problems:
1/ Limit the number of characters written (to outbuf) to OUTBUF_SIZE-1
(-1 for the null-terminator).
2/ Always null-terminate outbuf at q.
3/ Move the "rightward" checks *before* the strcpy() calls.
4/ Avoid an integer overflow in these checks (e.g., rightward-4).
The previous commit had one minor bug in it because the fields need
to be alphabetical and times comes after timeout.
Added NEWS item for this feature
Added another testsuite check for new flags in case they
disappear or go strange one day.
References:
commit 8a94ed6111
The ps program generally supports multi-byte sequences
in strings representing user and group names. However,
should a multi-byte sequence span the maximum width of
a column, the '+' inserted by ps to signify truncation
will corrupt that sequence, misaligning the text line.
Unfortunately, there's insufficient info returned from
the escape_str function (who calls escape_str_utf8) to
provide a robust response. So, this commit will revert
to the old standby of displaying a number when the '+'
character would've corrupted that multi-byte sequence.
Signed-off-by: Jim Warner <james.warner@comcast.net>
The combined results of merge request #49 without that
overhead plus distortion in this repository's history.
Prototyped-by: Wayne Porter <wporter82@gmail.com>
Reference(s):
proc/readproc.c: In function 'statm2proc'
proc/readproc.c:627:9: warning: variable 'num' set but not used [-Wunused-but-set-variable]
ps/output.c: In function 'pr_context':
ps/output.c:1273:14: warning: unused variable 'tried_load' [-Wunused-variable]
ps/output.c:1272:16: warning: unused variable 'ps_is_selinux_enabled' [-Wunused-variable]
ps/output.c:1272:16: warning: 'ps_is_selinux_enabled' defined but not used [-Wunused-variable]
ps/output.c:1273:14: warning: 'tried_load' defined but not used [-Wunused-variable]
ps/output.c:1837:18: warning: 'shortsort_array_count' defined but not used [-Wunused-const-variable=]
ps/output.c:1803:18: warning: 'aix_array_count' defined but not used [-Wunused-const-variable=]
ps/parser.c: In function 'arg_type':
ps/parser.c:1098:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
ps/parser.c:1099:34: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
ps/sortformat.c: In function 'format_parse':
ps/sortformat.c:241:1: warning: label 'out' defined but not used [-Wunused-label]
ps/stacktrace.c:176:13: warning: 'stack_trace_sigsegv' defined but not used [-Wunused-function]
watch.c: In function 'process_ansi':
watch.c:234:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
watch.c:237:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch ensures that namespace output will look the
same whether ps is built under a 32 or a 64-bit model.
[ it would have been easier to change that library's ]
[ data type, but we'll avoid breaking that ABI again ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
While a Debian bug report referenced below was limited
to the 'eip' and 'esp' fields, this patch also extends
address width adaptations to some other addresses too.
[ and, we do so in a far less invasive manner than a ]
[ redhat approach shown below adding two new fields! ]
Reference(s):
. new debian bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846361
. old redhat solution
https://bugzilla.redhat.com/show_bug.cgi?id=244152
Signed-off-by: Jim Warner <james.warner@comcast.net>
dlopen() functionality is only used when SELinux support is enabled, so
<dlfcn.h> only needs to be included when ENABLE_LIBSELINUX is
defined. This fixes the build in configurations where <dlfcn.h> is not
available.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch adapts the ps program to a newly add proc_t
field and provides for new support in that top program
along with his man document (ps was already ok there).
Signed-off-by: Jim Warner <james.warner@comcast.net>
We'll now display a '?' for any systemd field when our
library was built without that above configure option.
Since the man page documents such fields this approach
is far superior to that old (confusing) error message:
. error: unknown user-defined format specifier "slice"
Signed-off-by: Jim Warner <james.warner@comcast.net>
If SELINUX is enabled but the machine is using another MAC system
(like apparmor), ps will fallback to just parsing
"/proc/%d/attr/current", otherwise the label/context would not
be properly displayed in that case.
References:
https://bugs.debian.org/786956
Signed-off-by: Craig Small <csmall@enc.com.au>
ps previously followed the Unix98 standard when it comes to
user-defined output, sometimes. This meant you could have
user output format with a header that included commas and
equals signs. It was dependent on if ps thought you wanted
sysv or bsd format and THAT was dependent on things in previous
options.
It was very confusing to a user because
ps p $$ -o pid=,comm=
gave you a two-column output but
ps -p $$ -o pid=,comm=
would give you a one column output with the header ",comm="
The -p versus p means (to ps) you want sysv or bsd parsing.
Unix98 standard or not, this is plainly just silly.
The commit removes any of the quirks Unix98 has with user defined
output. If you really wanted a ps header with commas in the output,
today isn't your day.
Signed-off-by: Craig Small <csmall@enc.com.au>
The cgroup field while shown as a vector is a concatenated
string, so alot of the complexity of sorting and displaying
has gone.
This change simplifies the cgroup sorting and adds display
and sorting for the name attribute of the cgroup, if found.
Signed-off-by: Craig Small <csmall@enc.com.au>