Commit Graph

2473 Commits

Author SHA1 Message Date
Qualys Security Advisory
48d118b81b 0084-proc/readproc.c: Work around a design flaw in readeither().
readeither() caches (in new_p) a pointer to the proc_t of a task-group
leader, but readeither()'s callers can do pretty much anything with the
proc_t structure passed to and/or returned by this function. For
example, they can 1/ free it or 2/ recycle it (by passing it to
readeither() as x).

1/ leads to a use-after-free, and 2/ leads to unexpected behavior when
taskreader()/simple_readtask() is called with new_p equal to x (this is
not a theoretical flaw: 2/ happens in readproctab3() when want_task()
returns false and p is a group leader).

As a workaround, we keep a copy of new_p's first member (tid) in static
storage, and the next times we enter readeither() we check this "canary"
against the tid in new_p: if they differ, we reset new_p to NULL, which
forces the allocation of a new proc_t (the new "leader", or reference).

This always detects 2/ (because free_acquired(x,1) memsets x and hence
new_p); always detects 1/ if freed via free_acquired() and/or freeproc()
(very likely, otherwise memory may be leaked); probably detects 1/ even
if freed directly via free() (because the canary is the first member of
proc_t, likely to be overwritten by free()); but can not detect 1/ if
free() does not write to new_p's chunk at all.

Moreover, accessing new_p->tid to check the canary in case 1/ is itself
a use-after-free, so a better long-term solution should be implemented
at some point (we wanted to avoid intrusive and backward-incompatible
changes in this library function, hence this imperfect workaround).

---------------------------- adapted for newlib branch
. adapted via 'patch' (rejected due to 'xcalloc' ref)
. with loss of both readproctab functions, most no longer true

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
b9a9fd4c74 0082-proc/readproc.c: Fix double-free()s in readtask().
If QUICK_THREADS is not defined (it is not by default, but most
distributions enable it) and task_dir_missing is true (only on very old
kernels), then readtask() forgets to reset some of the struct proc_t t's
members, which later results in double-free()s in free_acquired().

For now, we simply synchronized the list of members to be reset with the
list of members freed in free_acquired().

---------------------------- adapted for newlib branch
. now 'cmd' is also dynamic
. just synchronized with those freed in free_acquired
. QUICK_THREADS is now FALSE_THREADS, serving different purpose
. entire patch will be effectively reverted with upcoming refactor

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
990ea89ae9 0080-proc/readproc.c: Harden openproc().
Replace xmalloc() with xcalloc().

---------------------------- adapted for newlib branch
. trade xcalloc() for calloc()
. thus we must account for potential ENOMEM

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
c03e52786d 0078-proc/readproc.c: Harden simple_nextpid().
Replace memcpy+strcpy with snprintf.

---------------------------- adapted for newlib branch
. adapted via 'patch' (without rejections)

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
ed463c7d88 0077-proc/readproc.c: Harden fill_cgroup_cvt().
Check the return value of snprintf(), otherwise dst may point
out-of-bounds when it reaches the end of the dst_buffer (the snprintf()
always returns 1 in that case, even if there is not enough space left),
and vMAX becomes negative and is passed to snprintf() as a size_t.

---------------------------- adapted for newlib branch
. adapted via 'patch (without rejections)

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
1052091107 0076-proc/readproc.c: Harden vectorize_this_str().
This detects an integer overflow of "strlen + 1", prevents an integer
overflow of "tot + adj + (2 * pSZ)", and avoids calling snprintf with a
string longer than INT_MAX. Truncate rather than fail, since the callers
do not expect a failure of this function.

---------------------------- adapted for newlib branch
. logic is now in pids.c
. former 'vectorize_this_str' is now 'pids_vectorize_this'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
d9c0a3e36f 0075-proc/readproc.c: Harden read_unvectored().
1/ Prevent an out-of-bounds write if sz is 0.

2/ Limit sz to INT_MAX, because the return value is an int, not an
unsigned int (and because if INT_MAX is equal to SSIZE_MAX, man 2 read
says "If count is greater than SSIZE_MAX, the result is unspecified.")

3/ Always null-terminate dst (unless sz is 0), because a return value of
0 because of an open() error (for example) is indistinguishable from a
return value of 0 because of an empty file.

4/ Use an unsigned int for i (just like n), not an int.

5/ Check for snprintf() truncation.

---------------------------- adapted for newlib branch
. adapted via 'patch (without rejections)

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
86d3d37406 0074-proc/readproc.c: Fix bugs and overflows in file2strvec().
Note: this is by far the most important and complex patch of the whole
series, please review it carefully; thank you very much!

For this patch, we decided to keep the original function's design and
skeleton, to avoid regressions and behavior changes, while fixing the
various bugs and overflows. And like the "Harden file2str()" patch, this
patch does not fail when about to overflow, but truncates instead: there
is information available about this process, so return it to the caller;
also, we used INT_MAX as a limit, but a lower limit could be used.

The easy changes:

- Replace sprintf() with snprintf() (and check for truncation).

- Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and
  do break instead of return: it simplifies the code (only one place to
  handle errors), and also guarantees that in the while loop either n or
  tot is > 0 (or both), even if n is reset to 0 when about to overflow.

- Remove the "if (n < 0)" block in the while loop: it is (and was) dead
  code, since we enter the while loop only if n >= 0.

- Rewrite the missing-null-terminator detection: in the original
  function, if the size of the file is a multiple of 2047, a null-
  terminator is appended even if the file is already null-terminated.

- Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)":
  originally, it was equivalent to "if (n < 0)", but we added "tot <= 0"
  to handle the first break of the while loop, and to guarantee that in
  the rest of the function tot is > 0.

- Double-force ("belt and suspenders") the null-termination of rbuf:
  this is (and was) essential to the correctness of the function.

- Replace the final "while" loop with a "for" loop that behaves just
  like the preceding "for" loop: in the original function, this would
  lead to unexpected results (for example, if rbuf is |\0|A|\0|, this
  would return the array {"",NULL} but should return {"","A",NULL}; and
  if rbuf is |A|\0|B| (should never happen because rbuf should be null-
  terminated), this would make room for two pointers in ret, but would
  write three pointers to ret).

The hard changes:

- Prevent the integer overflow of tot in the while loop, but unlike
  file2str(), file2strvec() cannot let tot grow until it almost reaches
  INT_MAX, because it needs more space for the pointers: this is why we
  introduced ARG_LEN, which also guarantees that we can add "align" and
  a few sizeof(char*)s to tot without overflowing.

- Prevent the integer overflow of "tot + c + align": when INT_MAX is
  (almost) reached, we write the maximal safe amount of pointers to ret
  (ARG_LEN guarantees that there is always space for *ret = rbuf and the
  NULL terminator).

---------------------------- adapted for newlib branch
. there were many formatting differences
. i introduced several myself (especially comments)
. stdlib 'realloc' used, not that home grown xrealloc
. stdlib 'realloc' required extra 'return NULL' statement

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
0bc48f7af7 0073-proc/readproc.c: Harden file2str().
1/ Replace sprintf() with snprintf() (and check for truncation).

2/ Prevent an integer overflow of ub->siz. The "tot_read--" is needed to
avoid an off-by-one overflow in "ub->buf[tot_read] = '\0'". It is safe
to decrement tot_read here, because we know that tot_read is equal to
ub->siz (and ub->siz is very large).

We believe that truncation is a better option than failure (implementing
failure instead should be as easy as replacing the "tot_read--" with
"tot_read = 0").

---------------------------- adapted for newlib branch
. no real changes, patch refused due to mem alloc & failure return

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
7c09d76e9b 0072-proc/readproc.c: Harden stat2proc().
1/ Use a "size_t num" instead of an "unsigned num" (also, do not store
the return value of sscanf() into num, it was unused anyway).

2/ Check the return value of strchr() and strrchr().

3/ Never jump over the terminating null byte with "S = tmp + 2".

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap
. the cmd field is now also dynamic (like cmdline)
. thus we must account for potential ENOMEM

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
ec0cb25af6 0071-proc/readproc.c: Harden supgrps_from_supgids().
1/ Prevent an integer overflow of t.

2/ Avoid an infinite loop if s contains characters other than comma,
spaces, +, -, and digits.

3/ Handle all possible return values of snprintf().

---------------------------- adapted for newlib branch
. we can't use xrealloc(), so we use realloc() instead
. and must account for a mem failure via a return of 1

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
807498f899 0070-proc/readproc.c: Harden status2proc().
1/ Do not read past the terminating null byte when hashing the name.

2/ S[x] is used as an index, but S is "char *S" (signed) and hence may
index the array out-of-bounds. Bit-mask S[x] with 127 (the array has 128
entries).

3/ Use a size_t for j, not an int (strlen() returns a size_t).

Notes:

- These are (mostly) theoretical problems, because the contents of
  /proc/PID/status are (mostly) trusted.

- The "name" member of the status_table_struct has 8 bytes, and
  "RssShmem" occupies exactly 8 bytes, which means that "name" is not
  null-terminated. This is fine right now, because status2proc() uses
  memcmp(), not strcmp(), but it is worth mentioning.

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap
. newlib also had a '#ifdef FALSE_THREADS'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
0753b86931 0069-proc/readproc.c: Fix the unhex() function.
This function is unused (SIGNAL_STRING is defined by default, and if it
is not, procps does not compile -- for example, there is no "outbuf" in
help_pr_sig()) but fix it anyway. There are two bugs:

- it accepts non-hexadecimal characters (anything >= 0x30);

- "(c - (c>0x57) ? 0x57 : 0x30)" is always equal to 0x57.

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
1e48648b82 0051-proc/escape.c: Prevent buffer overflows in escape_command().
This solves several problems:

1/ outbuf[1] was written to, but not outbuf[0], which was left
uninitialized (well, SECURE_ESCAPE_ARGS() already fixes this, but do it
explicitly as well); we know it is safe to write one byte to outbuf,
because SECURE_ESCAPE_ARGS() guarantees it.

2/ If bytes was 1, the write to outbuf[1] was an off-by-one overflow.

3/ Do not call escape_str() with a 0 bufsize if bytes == overhead.

4/ Prevent various buffer overflows if bytes <= overhead.
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
1eddce14c3 0050-proc/escape.c: Prevent integer overflows in escape_str_utf8().
Simply rearrange the old comparisons. The new comparisons are safe,
because we know from previous checks that:

1/ wlen > 0

2/ my_cells < *maxcells (also: my_cells >= 0 and *maxcells > 0)

3/ len > 1

4/ my_bytes+1 < bufsize (also: my_bytes >= 0 and bufsize > 0)
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
8f49e98a3f 0049-proc/escape.c: Handle negative wcwidth() return value.
This should never happen, because wcwidth() is called only if iswprint()
returns nonzero. But belt-and-suspenders, and make it visually clear
(very important for the next patch).
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
1ecf125d3f 0048-proc/escape.c: Make sure all escape*() arguments are safe.
The SECURE_ESCAPE_ARGS() macro solves several potential problems
(although we found no problematic calls to the escape*() functions in
procps's code-base, but had to thoroughly review every call; and this is
library code):

1/ off-by-one overflows if the size of the destination buffer is 0;

2/ buffer overflows if this size (or "maxroom") is negative;

3/ integer overflows (for example, "*maxcells+1");

4/ always null-terminate the destination buffer (unless its size is 0).

---------------------------- adapted for newlib branch
. the escape.c now has just a single exported function
. thus SECURE_ESCAPE_ARGS() is needed in only 2 places
. unlike that original patch, macro is executed 1 time
( not like 'escape_command' calling 'escape_strlist' )
( which might then call 'escape_str' multiple times! )

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
efae601c3c 0047-proc/whattime.c: Always initialize buf.
In the human_readable case; otherwise the strcat() that follows may
append bytes to the previous contents of buf.

Also, slightly enlarge buf, as it was a bit too tight.

Could also replace all sprintf()s with snprintf()s, but all the calls
here output a limited number of characters, so they should be safe.

---------------------------- adapted for newlib branch
. the source file is now proc/uptime.c
. function is now named 'procps_uptime_sprint()'
. new human readable function 'procps_uptime_sprint_short()'
. both were already initialized, so just raised size of 2 buffers

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
d1729bed6b 0042-proc/slab.h: Fix off-by-one overflow in sscanf().
In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."

Add one byte to name[] for this terminator.

---------------------------- adapted for newlib branch
. file is now proc/slabinfo.c (not .h)
. manifest constant renamed SLABINFO_NAME_LEN
. older parse_slabinfo11() function no longer present

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
d3ff255fa5 0041-proc/sig.c: Harden print_given_signals().
And signal_name_to_number().

---------------------------- adapted for newlib branch
. file has been moved to: lib/signals.c
. only 'signal_name_to_number()' was impacted
. function 'print_given_signals()' no longer exists
. thus the bulk of original patch no longer applicable

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
69b67b6f6e 0040-proc/devname.c: Never write more than "chop" (part 2).
"chop" is the maximum offset where the null-byte should be written;
respect this even if about to write just one (non-null) character.
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
0e365c8930 0039-proc/devname.c: Never write more than "chop" characters.
This should be guaranteed by "tmp[chop] = '\0';" and "if(!c) break;" but
this patch adds a very easy belt-and-suspenders check.
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
a3111efa71 0038-proc/devname.c: Prevent off-by-one overflow in dev_to_tty(). 2018-06-09 21:35:19 +10:00
Qualys Security Advisory
170397d59c 0037-proc/devname.c: Use snprintf() in link_name().
Found no problematic use case at the moment, but better safe than sorry.
Also, return an error on snprintf() or readlink() truncation.
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
50b343e068 0032-proc/sig.c: Fix the strtosig() function.
Do not memleak "copy" in case of an error.

Do not use "sizeof(converted)" in snprintf(), since "converted" is a
"char *" (luckily, 8 >= sizeof(char *)). Also, remove "sizeof(char)"
which is guaranteed to be 1 by the C standard, and replace 8 with 12,
which is enough to hold any stringified int and does not consume more
memory (in both cases, the glibc malloc()ates a minimum-sized chunk).

---------------------------- adapted for newlib branch
. no longer in library, logic  now found in lib/signals.c
. craig already addressed "copy" memleak in commit beloww

Reference(s):
commit d2df396ba9

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Craig Small
ef03c89447 misc: Move NEWS item to correct version 2018-05-06 09:55:56 +10:00
Craig Small
61a9a54229 library: check not undef SIGLOST
sig.c had this odd logic where on non-Hurd systems it would undefine
SIGLOST. Fine for Hurd or amd64 Linux systems. Bad for a sparc which
has SIGLOST defined *and* is not Hurd.

Just check its defined, its much simpler.
2018-05-06 07:20:12 +10:00
Jim Warner
1f95cfe8a6 NEWS: note build on non-glibc systems _____ (catch up)
--------------- Original Master Branch Commit Message:
Some non-glibc systems didn't have libio.h or __BEGIN_DECLS
Changes to make it more standard.

References:
 issue #88

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
cf7c795c2a update translations _______________________ (catch up)
--------------- Original Master Branch Commit Message:
[ none ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
f28d605a0d free: fix scaling on 32-bit systems _______ (catch up)
--------------- Original Master Branch Commit Message:
Systems that have a 32-bit long would give incorrect results in free.

References:
 Issue #89
 https://www.freelists.org/post/procps/frees-scale-size-broken-with-32bit-long

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
5fee15fcb6 misc: Update news about #91 _______________ (catch up)
--------------- Original Master Branch Commit Message:
[ none ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
0e5c4373f4 Revert Support running with child namespace (catch up)
--------------- Original Master Branch Commit Message:
This reverts commit dcb6914f11.

This commit broke a lot of scripts that were expecting to see all
programs. See #91

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
ac73415e32 pgrep: Don't segfault with no match _______ (catch up)
--------------- Original Master Branch Commit Message:
If pgrep is run with a non-program name match and there are
no matches, it segfaults.

The testsuite thinks zero bytes sent, and zero bytes sent
because the program crashed is the same :/

References:
 commit 1aacf4af7f
 https://bugs.debian.org/894917

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
036ab9a3dd misc: Update translation from Trans project (catch up)
--------------- Original Master Branch Commit Message:
[ none ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
c7b7ab8547 3.3.13 release candidate 1 ________________ (catch up)
--------------- Original Master Branch Commit Message:
Update NEWS with the version
Add library API change into NEWS
Update c:r:a for library to 7:0:1

This means the current and age are incremented, so old programs can
use new library but not vice-versa as they won't have the numa*
functions.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
d1e2373c3c misc: Update translations _________________ (catch up)
--------------- Original Master Branch Commit Message:
po4a is awful, basically.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
1f27f3fb61 misc: update NEWS with some missed items __ (catch up)
--------------- Original Master Branch Commit Message:
[ none ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
479b9e54b1 misc: Add some link examples to sysctl.conf (catch up)
--------------- Original Master Branch Commit Message:
Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.

Most kernels probably have this enabled anyhow.

References:
 https://bugs.debian.org/889098
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
 561ec64ae6

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
fb44ecf12f docs: Note limitation of pidof find scripts (catch up)
--------------- Original Master Branch Commit Message:
pidof will miss scripts that are run a certain way due to how
they appear in procfs. This is just a note to say it might miss
them.

References:
 procps-ng/procps#17

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
39980d6e31 watch: use sysconf() for hostname length __ (catch up)
--------------- Original Master Branch Commit Message:
Hurd doesn't have HOST_NAME_MAX, neither does Solaris.
An early fix just checked for this value and used 64 instead.
This change uses sysconf which is the correct method, possibly until
this compiles on some mis-behaving OS which doesn't have this value.

References:
 commit e564ddcb01
 procps-ng/procps#54

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
583472be8b sysctl: fix typo in help __________________ (catch up)
--------------- Original Master Branch Commit Message:
Changed "a variables" to "the given variable(s)"

References:
 procps-ng/procps#84

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
fcd97e6a62 docs: Reword --exec option in watch.1 _____ (catch up)
--------------- Original Master Branch Commit Message:
The manual page for watch for the exec option was confusing and
backwards. Hopefully this one makes more sense.

References:
 procps-ng/procps#75

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
b0908eec4b library: replace the troublesome '__BEGIN_DECLS' macro
When 'newlib' was introduced, in the commit referenced
below, the use of that glibc '__BEGIN_DECLS' macro was
standardized. However, as issue #88 revealed, this may
result in a fatal build error with other environments.

So, this patch just trades that macro for the standard
'#ifdef __cplusplus' conventions (thus avoiding use of
all those '#include <features.h>' directives as well).

Reference(s):
. newlib introduced
commit a410e236ab
. procps-ng-3.3.13 issue
https://gitlab.com/procps-ng/procps/issues/88
. some additional discussion
https://www.freelists.org/post/procps/PATCH-Replace-glibcspecific-macros-in-procnumah,1
. musl wiki (see: sys/cdefs.h error messages)
https://wiki.musl-libc.org/faq.html

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
bae272fe22 library: eliminate inappropriate '__BEGIN_DECLS' macro
This patch simply eliminates that glibc specific macro
from all header files which contain no public callable
functions. After all, if user code can't link to them,
then protection from C++ name mangling is unnecessary.

[ we also remove any related '#include <features.h>' ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
c683d9fe48 procio: fixed grammar in man page plus program comment
The only essential change was substituting 'comma' for
the word 'colon' in the man page plus program comment.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
06afd10525 procio: remove glibc dependency & make a proper header
Duplicate that <libio.h> change made in master branch.

While we're at it, let's remove an unnecessary include
from procio.h and reflect in its single prototype what
those 'const char *' params are really supposed to be.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:38 +10:00
Jim Warner
c2a29d370c sysctl: relocate the procio code to a more proper home
Now that the procio logic was removed from the library
we must move the header file, lest we break make dist.

In the process, we will relocate that source file too.

[ we'll take a slightly different approach than that ]
[ used under the master branch by exploiting those 2 ]
[ non-library directories 'include' and 'lib', while ]
[ avoiding any sysctl hard coded function prototype. ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-06 07:19:37 +10:00
Craig Small
5d8746b941 misc: fix ps etime tests
The test assumes only one process appears which, depending on the
speed of things, may not be true. It now matches one to many process
lines.
2018-05-03 21:13:16 +10:00
Debabrata Banerjee
0e39102f75 Support running with child namespaces
By default pgrep/pkill should not kill processes in a namespace it is not
part of. If this is allowed, it allows callers to break namespaces they did
not expect to affect, requiring rewrite of all callers to fix.

So by default, we should work in the current namespace. If --ns 0 is
specified, they we look at all namespaces, and if any other pid is specified
we continue to look in only that namespace.

Signed-off-by: Debabrata Banerjee <dbanerje@akamai.com>

References:
 procps-ng/procps!41
2018-03-03 18:08:32 +11:00
Jim Warner
b2d7f620c0 top: show that truncation indicator ('+') consistently
With a little luck, this should be the final tweak for
our support of extra wide characters. Currently, those
characters don't always display the '+' indicator when
they've been truncated. Now, it should always be seen.

[ plus it's done a tad more efficiently via snprintf ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-03-03 17:53:10 +11:00