]> granicus.if.org Git - procps-ng/log
procps-ng
6 years agoproc/whattime.c: Always initialize buf.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/whattime.c: Always initialize buf.

In the human_readable case; otherwise the strcat() that follows may
append bytes to the previous contents of buf.

Also, slightly enlarge buf, as it was a bit too tight.

Could also replace all sprintf()s with snprintf()s, but all the calls
here output a limited number of characters, so they should be safe.

6 years agoproc/slab.c: Initialize struct slab_info in get_slabnode().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/slab.c: Initialize struct slab_info in get_slabnode().

Especially its "next" member: this is what caused the crash in "slabtop:
Reset slab_list if get_slabinfo() fails." (if parse_slabinfo*() fails in
sscanf(), for example, then curr is set to NULL but it is already linked
into the "list" and its "next" member was never initialized).

6 years agoproc/sysinfo.c: Fix off-by-one in get_pid_digits().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/sysinfo.c: Fix off-by-one in get_pid_digits().

At "pidbuf[rc] = '\0';" if "rc = read()" returns "sizeof pidbuf"
(unlikely to ever happen, but still).

6 years agoproc/sysinfo.c: Prevent integer overflow of realloc() size.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/sysinfo.c: Prevent integer overflow of realloc() size.

6 years agoproc/slab.c: Check correct number of items after sscanf().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/slab.c: Check correct number of items after sscanf().

6 years agoproc/slab.h: Fix off-by-one overflow in sscanf().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/slab.h: Fix off-by-one overflow in sscanf().

In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."

Add one byte to name[] for this terminator.

6 years agoproc/sig.c: Harden print_given_signals().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/sig.c: Harden print_given_signals().

And signal_name_to_number().

6 years agoproc/devname.c: Never write more than "chop" (part 2).
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/devname.c: Never write more than "chop" (part 2).

"chop" is the maximum offset where the null-byte should be written;
respect this even if about to write just one (non-null) character.

6 years agoproc/devname.c: Never write more than "chop" characters.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/devname.c: Never write more than "chop" characters.

This should be guaranteed by "tmp[chop] = '\0';" and "if(!c) break;" but
this patch adds a very easy belt-and-suspenders check.

6 years agoproc/devname.c: Prevent off-by-one overflow in dev_to_tty().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/devname.c: Prevent off-by-one overflow in dev_to_tty().

6 years agoproc/devname.c: Use snprintf() in link_name().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/devname.c: Use snprintf() in link_name().

Found no problematic use case at the moment, but better safe than sorry.
Also, return an error on snprintf() or readlink() truncation.

6 years agoproc/version.h: Protect parameter in LINUX_VERSION() macro.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/version.h: Protect parameter in LINUX_VERSION() macro.

Just in case (no problematic use case at the moment).

6 years agoproc/alloc.*: Use size_t, not unsigned int.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/alloc.*: Use size_t, not unsigned int.

Otherwise this can truncate sizes on 64-bit platforms, and is one of the
reasons the integer overflows in file2strvec() are exploitable at all.
Also: catch potential integer overflow in xstrdup() (should never
happen, but better safe than sorry), and use memcpy() instead of
strcpy() (faster).

Warnings:

- in glibc, realloc(ptr, 0) is equivalent to free(ptr), but not here,
  because of the ++size;

- here, xstrdup() can return NULL (if str is NULL), which goes against
  the idea of the xalloc wrappers.

We were tempted to call exit() or xerrx() in those cases, but decided
against it, because it might break things in unexpected places; TODO?

6 years agoproc/alloc.c: Use vfprintf(), not fprintf().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/alloc.c: Use vfprintf(), not fprintf().

This can disclose information from the stack, but is unlikely to have a
security impact in the context of the procps utilities:

user@debian:~$ w 2>&1 | xxd
00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20  .<y.. failed to
00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439  allocate 3221749
00000020: 3738 3020 6279 7465 7320 6f66 206d 656d  780 bytes of mem
00000030: 6f72 79                                  ory

6 years agoproc/readproc.c: Add checks to get_ns_name() and get_ns_id().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/readproc.c: Add checks to get_ns_name() and get_ns_id().

6 years agoproc/sig.c: Fix the strtosig() function.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
proc/sig.c: Fix the strtosig() function.

Do not memleak "copy" in case of an error.

Do not use "sizeof(converted)" in snprintf(), since "converted" is a
"char *" (luckily, 8 >= sizeof(char *)). Also, remove "sizeof(char)"
which is guaranteed to be 1 by the C standard, and replace 8 with 12,
which is enough to hold any stringified int and does not consume more
memory (in both cases, the glibc malloc()ates a minimum-sized chunk).

6 years agoskill: Do not scan past the null-terminator in check_proc().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Do not scan past the null-terminator in check_proc().

6 years agoskill: Check return value of str*chr() in check_proc().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Check return value of str*chr() in check_proc().

6 years agoskill: Properly null-terminate buf in check_proc().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Properly null-terminate buf in check_proc().

Right now, if read() returns less than 127 bytes (the most likely case),
the end of the "string" buf will contain garbage from the stack, because
buf is always null-terminated at a fixed offset 127. This is especially
bad because the next operation is a strrchr().

Also, make sure that the whole /proc/PID/stat file is read, otherwise
its parsing may be unsafe (the strrchr() may point into user-controlled
data, comm). This should never happen with the current file format (comm
is very short), but be safe, just in case.

6 years agoskill: Check the return value of fstat().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Check the return value of fstat().

6 years agoskill: Prevent multiple overflows in ENLIST().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Prevent multiple overflows in ENLIST().

First problem: saved_argc was used to calculate the size of the array,
but saved_argc was never initialized. This triggers an immediate heap-
based buffer overflow:

$ skill -c0 -c0 -c0 -c0
Segmentation fault (core dumped)

Second problem: saved_argc was not the upper bound anyway, because one
argument can ENLIST() several times (for example, in parse_namespaces())
and overflow the array as well.

Third problem: integer overflow of the size of the array.

6 years agoskill: Fix double-increment of pid_count.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Fix double-increment of pid_count.

No need to "pid_count++;" because "ENLIST(pid," does it already. Right
now this can trigger a heap-based buffer overflow.

Also, remove the unneeded "pid_count = 0;" (it is static, and
skillsnice_parse() is called only once; and the other *_count variables
are not initialized explicitly either).

6 years agoskill: Remove unused NEXTARG macro.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Remove unused NEXTARG macro.

6 years agoskill: Always NULL-terminate argv.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Always NULL-terminate argv.

The memmove() itself does not move the NULL-terminator, because nargs is
decremented first. Copy how skill_sig_option() does it: decrement nargs
last, and remove the "if (nargs - i)" (we are in "while (i < nargs)").

6 years agoskill: Fix getline() usage.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Fix getline() usage.

man getline: "If *lineptr is set to NULL and *n is set 0 before the
call, then getline() will allocate a buffer for storing the line. This
buffer should be freed by the user program even if getline() failed."

6 years agoskill: Simplify the kill_main() loop.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
skill: Simplify the kill_main() loop.

Right now the "loop=0; break;" is never reached.

6 years agopwdx: Fix a misleading comment.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pwdx: Fix a misleading comment.

It sounds like an off-by-one, but the code itself is correct.

6 years agopidof: Prevent integer overflows with grow_size().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pidof: Prevent integer overflows with grow_size().

Note: unlike "size" and "omit_size", "path_alloc_size" is not multiplied
by "sizeof(struct el)" but the checks in grow_size() allow for a roughly
100MB path_alloc_size, which should be more than enough for readlink().

6 years agopidof: Do not memleak pidof_root if multiple -c options.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pidof: Do not memleak pidof_root if multiple -c options.

6 years agopidof: Do not skip the NULL terminator in cmdline.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pidof: Do not skip the NULL terminator in cmdline.

This should never happen (cmdline[0] should always be non-NULL), but
just in case.

6 years agopidof: Get the arg1 base name with get_basename().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pidof: Get the arg1 base name with get_basename().

Same as program_base, cmd_arg0base, and exe_link_base.

6 years agopidof: Do not memleak the contents of proc_t.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pidof: Do not memleak the contents of proc_t.

Just like "pgrep: Do not memleak the contents of proc_t."

6 years agotload: Prevent integer overflows of ncols, nrows, and scr_size.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
tload: Prevent integer overflows of ncols, nrows, and scr_size.

Also, use xerrx() instead of xerr() since errno is not set.

6 years agotload: Prevent a buffer overflow when row equals nrows.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
tload: Prevent a buffer overflow when row equals nrows.

When max_scale is very small, scale_fact is very small, row is equal to
nrows, p points outside screen, and the write to *p is out-of-bounds.

6 years agotload: Use snprintf() instead of sprintf().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
tload: Use snprintf() instead of sprintf().

6 years agotload: Call longjmp() 1 instead of 0.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
tload: Call longjmp() 1 instead of 0.

Do it explicitly instead of the implicit "longjmp() cannot cause 0 to be
returned. If longjmp() is invoked with a second argument of 0, 1 will be
returned instead."

6 years agotload: Use standard names instead of numbers.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
tload: Use standard names instead of numbers.

6 years agoslabtop: Reset slab_list if get_slabinfo() fails.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
slabtop: Reset slab_list if get_slabinfo() fails.

Otherwise "the state of 'list' and 'stats' are undefined" (as per
get_slabinfo()'s documentation) and free_slabinfo() crashes (a
use-after-free).

6 years agouptime: Check the return value of various functions.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
uptime: Check the return value of various functions.

6 years agopgrep: Prevent a potential stack-based buffer overflow.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Prevent a potential stack-based buffer overflow.

This is one of the worst issues that we found: if the strlen() of one of
the cmdline arguments is greater than INT_MAX (it is possible), then the
"int bytes" could wrap around completely, back to a very large positive
int, and the next strncat() would be called with a huge number of
destination bytes (a stack-based buffer overflow).

Fortunately, every distribution that we checked compiles its procps
utilities with FORTIFY, and the fortified strncat() detects and aborts
the buffer overflow before it occurs.

This patch also fixes a secondary issue: the old "--bytes;" meant that
cmdline[sizeof (cmdline) - 2] was never written to if the while loop was
never entered; in the example below, "ff" is the uninitialized byte:

((exec -ca `python3 -c 'print("A" * 131000)'` /usr/bin/cat < /dev/zero) | sleep 60) &
pgrep -a -P "$!" 2>/dev/null | hexdump -C
00000000  31 32 34 36 30 20 41 41  41 41 41 41 41 41 41 41  |12460 AAAAAAAAAA|
00000010  41 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |AAAAAAAAAAAAAAAA|
*
00001000  41 41 41 41 ff 0a 31 32  34 36 32 20 73 6c 65 65  |AAAA..12462 slee|
00001010  70 20 36 30 0a                                    |p 60.|

6 years agopgrep: Always null-terminate the cmd*[] buffers.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Always null-terminate the cmd*[] buffers.

Otherwise, man strncpy: "If there is no null byte among the first n
bytes of src, the string placed in dest will not be null-terminated."

6 years agopgrep: Initialize the cmd*[] stack buffers.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Initialize the cmd*[] stack buffers.

Otherwise (for example), if the (undocumented) opt_echo is set, but not
opt_long, and not opt_longlong, and not opt_pattern, there is a call to
xstrdup(cmdoutput) but cmdoutput was never initialized:

sleep 60 & echo "$!" > pidfile
env -i LD_DEBUG=`perl -e 'print "A" x 131000'` pkill -e -c -F pidfile | xxd
...
000001c0: 4141 4141 4141 4141 4141 4141 4141 4141  AAAAAAAAAAAAAAAA
000001d0: 4141 4141 4141 4141 fcd4 e6bd e47f 206b  AAAAAAAA...... k
000001e0: 696c 6c65 6420 2870 6964 2031 3230 3931  illed (pid 12091
000001f0: 290a 310a                                ).1.
[1]+  Terminated              sleep 60

(the LD_DEBUG is just a trick to fill the initial stack with non-null
bytes, to show that there is uninitialized data from the stack in the
output; here, an address "fcd4 e6bd e47f")

6 years agopgrep: Simplify the match_*() functions.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Simplify the match_*() functions.

6 years agopgrep: Replace buf+1 with buf in read_pidfile().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Replace buf+1 with buf in read_pidfile().

Unless we missed something, this makes it unnecessarily difficult to
read/audit.

6 years agopgrep: Replace ints with longs in strict_atol().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Replace ints with longs in strict_atol().

atol() means long, and value points to a long.

6 years agopgrep: Prevent integer overflow of list size.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Prevent integer overflow of list size.

Not exploitable (not under an attacker's control), but still a potential
non-security problem. Copied, fixed, and used the grow_size() macro from
pidof.c.

6 years agopgrep: Do not memleak the contents of proc_t.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
pgrep: Do not memleak the contents of proc_t.

memset()ing task and subtask inside their loops prevents free_acquired()
(in readproc() and readtask()) from free()ing their contents (especially
cmdline and environ).

Our solution is not perfect, because we still memleak the very last
cmdline/environ, but select_procs() is called only once, so this is not
as bad as it sounds.

It would be better to leave subtask in its block and call
free_acquired() after the loop, but this function is static (not
exported).

The only other solution is to use freeproc(), but this means replacing
the stack task/subtask with xcalloc()s, thus changing a lot of code in
pgrep.c (to pointer accesses).

Hence this imperfect solution for now.

6 years agolibrary: check not undef SIGLOST
Craig Small [Thu, 3 May 2018 11:06:05 +0000 (21:06 +1000)]
library: check not undef SIGLOST

sig.c had this odd logic where on non-Hurd systems it would undefine
SIGLOST. Fine for Hurd or amd64 Linux systems. Bad for a sparc which
has SIGLOST defined *and* is not Hurd.

Just check its defined, its much simpler.

6 years agomisc: fix ps etime tests
Craig Small [Tue, 10 Apr 2018 12:09:40 +0000 (22:09 +1000)]
misc: fix ps etime tests

The test assumes only one process appears which, depending on the
speed of things, may not be true. It now matches one to many process
lines.

6 years agoupdate translations v3.3.14
Craig Small [Tue, 10 Apr 2018 11:37:39 +0000 (21:37 +1000)]
update translations

6 years agolibrary: build on non-glibc systems
Craig Small [Tue, 10 Apr 2018 11:28:11 +0000 (21:28 +1000)]
library: build on non-glibc systems

Some non-glibc systems didn't have libio.h or __BEGIN_DECLS
Changes to make it more standard.

References:
 issue #88

6 years agofree: fix scaling on 32-bit systems
Craig Small [Tue, 10 Apr 2018 11:20:25 +0000 (21:20 +1000)]
free: fix scaling on 32-bit systems

Systems that have a 32-bit long would give incorrect results in free.

References:
 Issue #89
 https://www.freelists.org/post/procps/frees-scale-size-broken-with-32bit-long

6 years agomisc: Update news about #91
Craig Small [Tue, 10 Apr 2018 11:16:10 +0000 (21:16 +1000)]
misc: Update news about #91

6 years agoRevert "Support running with child namespaces"
Craig Small [Tue, 10 Apr 2018 11:14:01 +0000 (21:14 +1000)]
Revert "Support running with child namespaces"

This reverts commit dcb6914f11406a13972636b08b7e26fdafe9efc9.

This commit broke a lot of scripts that were expecting to see all
programs. See #91

6 years agopgrep: Don't segfault with no match
Craig Small [Fri, 6 Apr 2018 13:00:29 +0000 (23:00 +1000)]
pgrep: Don't segfault with no match

If pgrep is run with a non-program name match and there are
no matches, it segfaults.

The testsuite thinks zero bytes sent, and zero bytes sent
because the program crashed is the same :/

References:
 commit 1aacf4af7f199d77fc9386e249eee654f59880db
 https://bugs.debian.org/894917

Signed-off-by: Craig Small <csmall@enc.com.au>
6 years agomisc: Update translations from Translation project v3.3.13
Craig Small [Sun, 1 Apr 2018 07:37:10 +0000 (17:37 +1000)]
misc: Update translations from Translation project

6 years ago3.3.13 release candidate 1 v3.3.13rc1
Craig Small [Mon, 12 Mar 2018 05:30:58 +0000 (16:30 +1100)]
3.3.13 release candidate 1

Update NEWS with the version
Add library API change into NEWS
Update c:r:a for library to 7:0:1

This means the current and age are incremented, so old programs can
use new library but not vice-versa as they won't have the numa*
functions.

6 years agomisc: Update translations
Craig Small [Mon, 12 Mar 2018 03:24:49 +0000 (14:24 +1100)]
misc: Update translations

po4a is awful, basically.

6 years agosysctl: fixup build system
Craig Small [Mon, 12 Mar 2018 02:06:08 +0000 (13:06 +1100)]
sysctl: fixup build system

Remove the external definition of the procio function.

6 years agomisc: update NEWS with some missed items
Craig Small [Sat, 3 Mar 2018 07:59:17 +0000 (18:59 +1100)]
misc: update NEWS with some missed items

6 years agomisc: Add link protection examples to sysctl.conf
Craig Small [Sat, 3 Mar 2018 07:56:20 +0000 (18:56 +1100)]
misc: Add link protection examples to sysctl.conf

Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.

Most kernels probably have this enabled anyhow.

References:
 https://bugs.debian.org/889098
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
 https://github.com/torvalds/linux/commit/561ec64ae67ef25cac8d72bb9c4bfc955edfd415

6 years agodocs: Note limitation of finding scripts in pidof.1
Craig Small [Sat, 3 Mar 2018 07:47:22 +0000 (18:47 +1100)]
docs: Note limitation of finding scripts in pidof.1

pidof will miss scripts that are run a certain way due to how
they appear in procfs. This is just a note to say it might miss
them.

References:
 procps-ng/procps#17

6 years agowatch: use sysconf() for hostname length
Craig Small [Sat, 3 Mar 2018 07:36:44 +0000 (18:36 +1100)]
watch: use sysconf() for hostname length

Hurd doesn't have HOST_NAME_MAX, neither does Solaris.
An early fix just checked for this value and used 64 instead.
This change uses sysconf which is the correct method, possibly until
this compiles on some mis-behaving OS which doesn't have this value.

References:
 commit e564ddcb01c3c11537432faa9c7a7a6badb05930
 procps-ng/procps#54

6 years agosysctl: fix typo in help
Craig Small [Sat, 3 Mar 2018 07:29:19 +0000 (18:29 +1100)]
sysctl: fix typo in help

Changed "a variables" to "the given variable(s)"

References:
 procps-ng/procps#84

6 years agodocs: Reword --exec option in watch.1
Craig Small [Sat, 3 Mar 2018 07:26:47 +0000 (18:26 +1100)]
docs: Reword --exec option in watch.1

The manual page for watch for the exec option was confusing and
backwards. Hopefully this one makes more sense.

References:
 procps-ng/procps#75

6 years agoMerge branch 'dbanerje/procps-namespace'
Craig Small [Sat, 3 Mar 2018 07:00:56 +0000 (18:00 +1100)]
Merge branch 'dbanerje/procps-namespace'

References:
 procps-ng/procps!41

6 years agoSupport running with child namespaces
Debabrata Banerjee [Wed, 8 Feb 2017 23:42:39 +0000 (18:42 -0500)]
Support running with child namespaces

By default pgrep/pkill should not kill processes in a namespace it is not
part of. If this is allowed, it allows callers to break namespaces they did
not expect to affect, requiring rewrite of all callers to fix.

So by default, we should work in the current namespace. If --ns 0 is
specified, they we look at all namespaces, and if any other pid is specified
we continue to look in only that namespace.

Signed-off-by: Debabrata Banerjee <dbanerje@akamai.com>
6 years agotop: show that truncation indicator ('+') consistently
Jim Warner [Wed, 28 Feb 2018 06:00:00 +0000 (00:00 -0600)]
top: show that truncation indicator ('+') consistently

With a little luck, this should be the final tweak for
our support of extra wide characters. Currently, those
characters don't always display the '+' indicator when
they've been truncated. Now, it should always be seen.

[ plus it's done a tad more efficiently via snprintf ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agops: Add NEWS and checks for times and cputimes
Craig Small [Fri, 2 Mar 2018 11:07:46 +0000 (22:07 +1100)]
ps: Add NEWS and checks for times and cputimes

The previous commit had one minor bug in it because the fields need
to be alphabetical and times comes after timeout.

Added NEWS item for this feature
Added another testsuite check for new flags in case they
disappear or go strange one day.

References:
 commit 8a94ed61119f8dcf7bcb98b84534e408d4eb7769

6 years agoMerge branch 'sbigaret/procps-master'
Craig Small [Fri, 2 Mar 2018 10:59:47 +0000 (21:59 +1100)]
Merge branch 'sbigaret/procps-master'

References:
 procps-ng/procps!43

6 years agops: add times & cputimes format specifiers: cumulative CPU time in seconds
Sébastien Bigaret [Sat, 11 Mar 2017 06:40:19 +0000 (07:40 +0100)]
ps: add times & cputimes format specifiers: cumulative CPU time in seconds

These format specifiers are to time & cputime what etimes is to etime.

Signed-off-by: Sébastien Bigaret <sebastien.bigaret@telecom-bretagne.eu>
6 years agomisc: Add news entry for previous pidof
Craig Small [Fri, 2 Mar 2018 10:47:50 +0000 (21:47 +1100)]
misc: Add news entry for previous pidof

6 years agoMerge branch 'masatake/procps-pidof-sep-option'
Craig Small [Fri, 2 Mar 2018 10:43:27 +0000 (21:43 +1100)]
Merge branch 'masatake/procps-pidof-sep-option'

References:
 procps-ng/procps!58

6 years agopidof: allow to change a separator put between pids
Masatake YAMATO [Sat, 24 Feb 2018 09:03:11 +0000 (18:03 +0900)]
pidof: allow to change a separator put between pids

I frequency use pidof command with strace system call tracer.
strace can trace MULTIPLE processes specified with "-p $PID"
arguments like:

  strace -p 1 -p 1030 -p 3043

Sometimes I want to do as following

  strace -p $(pidof httpd)

However, above command line doesn't work because -p option
is needed for specifying a pid. pidof uses a whitespace as
a separator. For passing the output to strace, the separator
should be replaced with ' -p '.

This maybe not a special to my use case.

This commit introduces -S option that allows a user to specify a
separator the one wants.

    $ ./pidof bash
    ./pidof bash
    24624 18790 12786 11898 11546 10766 7654 5095
    $ ./pidof -S ',' bash
    ./pidof -S ',' bash
    24624,18790,12786,11898,11546,10766,7654,5095
    $ ./pidof -S '-p ' bash
    ./pidof -S '-p ' bash
    24624-p 18790-p 12786-p 11898-p 11546-p 10766-p 7654-p 5095
    $ ./pidof -S ' -p ' bash
    ./pidof -S ' -p ' bash
    24624 -p 18790 -p 12786 -p 11898 -p 11546 -p 10766 -p 7654 -p 5095
    $ strace -p $(./pidof -S ' -p ' bash)
    strace -p $(./pidof -S ' -p ' bash)
    strace: Process 24624 attached
    strace: Process 18790 attached
    strace: Process 12786 attached
    ...

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
6 years agosysctl: Bring procio functions out of library
Craig Small [Thu, 1 Mar 2018 10:25:04 +0000 (21:25 +1100)]
sysctl: Bring procio functions out of library

The procio functions that were in the library have been
moved into sysctl. sysctl is not linked to libprocps in
newlib and none of the other procps binaries would need
to read/write large data to the procfs.

References:
 be6b048a41b0a47ebed602d9e0993fe18c9de237

6 years agodocs: Change name of fprocopen man page
Craig Small [Wed, 28 Feb 2018 10:24:03 +0000 (21:24 +1100)]
docs: Change name of fprocopen man page

Add NEWS for sysctl large buffers
Rename manpage to fprocopen

References:
 be6b048a41b0a47ebed602d9e0993fe18c9de237
 procps-ng/procps!56

6 years agoMerge branch 'bitstreamout/procps-procio'
Craig Small [Wed, 28 Feb 2018 09:48:57 +0000 (20:48 +1100)]
Merge branch 'bitstreamout/procps-procio'

References:
 procps-ng/procps!56

6 years agoUse new standard I/O for reading/writing sysctl values
Werner Fink [Thu, 18 Jan 2018 10:38:02 +0000 (11:38 +0100)]
Use new standard I/O for reading/writing sysctl values

thereby use one allocated buffer for I/O which now might
be increased by the stdio function getline(3) on the
file if required.

Signed-off-by: Werner Fink <werner@suse.de>
6 years agoAdd flexible buffered I/O based on fopencookie(3)
Werner Fink [Thu, 18 Jan 2018 10:26:37 +0000 (11:26 +0100)]
Add flexible buffered I/O based on fopencookie(3)

to be able to read and write large buffers below /proc.
The buffers and file offsets are handled dynamically
on the required buffer size at read, that is lseek(2)
is used to determine this size. Large buffers at
write are split at a delimeter into pieces and also
lseek(2) is used to write each of them.

Signed-off-by: Werner Fink <werner@suse.de>
6 years agoPreload sysctl lines even if longer than stdio buffer
Werner Fink [Thu, 18 Jan 2018 10:06:55 +0000 (11:06 +0100)]
Preload sysctl lines even if longer than stdio buffer

by using getline(3) to use a dynamically increased buffer
if required by the input found in sysctl configuration files.

Signed-off-by: Werner Fink <werner@suse.de>
6 years agodocs: sysctl.8 clarify when w flag is required
Craig Small [Mon, 19 Feb 2018 10:05:42 +0000 (21:05 +1100)]
docs: sysctl.8 clarify when w flag is required

The w flag is not needed for key=val type options but only forces all
options to be that format.

References:
 procps-ng/procps#83

6 years agoMerge branch 'jrybar/procps-ps-luid'
Craig Small [Mon, 19 Feb 2018 09:43:18 +0000 (20:43 +1100)]
Merge branch 'jrybar/procps-ps-luid'

Accept merge request procps-ng/procps!57

6 years agops: LUID format option impelemented
Jan Rybar [Fri, 9 Feb 2018 17:17:36 +0000 (18:17 +0100)]
ps: LUID format option impelemented

6 years agotop: update copyright dates in source and man document
Jim Warner [Sun, 28 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: update copyright dates in source and man document

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: try to avoid premature truncation indicator ('+')
Jim Warner [Sat, 27 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: try to avoid premature truncation indicator ('+')

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: avoid potential truncation with 'Inspect' feature
Jim Warner [Fri, 26 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: avoid potential truncation with 'Inspect' feature

As it turns out, that Ukrainian 'demo' text supporting
the '=' command was 152 bytes long, up from an English
version of 80 bytes. Unfortunately, the buffer used to
format all such strings was insufficient at 128 bytes.

Depending on the width of one's terminal, some strange
result could be experienced when a multi-byte sequence
was truncated. So, this just makes that buffer bigger.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: allow translated field headers to determine width
Jim Warner [Thu, 25 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: allow translated field headers to determine width

After wrestling with extra wide characters, supporting
languages like zh_CN, sometimes default/minimum column
widths might force a truncation of translated headers.

So, this commit explores one way that such truncations
could be avoided. It is designed so as to have minimal
impact on existing code, ultimately affecting just one
function. But it's off by default via its own #define.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: an efficiency tweak to extra wide character logic
Jim Warner [Tue, 23 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: an efficiency tweak to extra wide character logic

When I recently added extra wide character support for
locales like zh_CN, I didn't worry about some overhead
associated with the new calls to 'mbtowc' & 'wcwidth'.
That's because such overhead was usually incurred with
user interactions, not a normal iterative top display.

There was, however, one area where this overhead would
impact the normal iterative top mode - that's with the
Summary display. So I peeked at the glibc source code.

As it turns out, the costs of executing those 'mbtowc'
and 'wcwidth' functions were not at all insignificant.
So, this patch will avoid them in the vast majority of
instances, while still enabling extra wide characters.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: standardize width of the %CPU & %MEM columns at 5
Jim Warner [Mon, 22 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: standardize width of the %CPU & %MEM columns at 5

There is (should be) no justification for changing the
width of the percentage columns (%CPU, %MEM) depending
on the BOOST_PERCNT #define. So this patch will ensure
that both columns are fixed at their former maximum 5.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: account for the idle state ('I') threads in total
Jim Warner [Sat, 13 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: account for the idle state ('I') threads in total

With the documentation update in the commit referenced
below, we should also account for such threads as they
will already be represented in the task/thread totals.

[ and do it in a way that might avoid future changes ]

Reference(s):
commit a238a687ce4d700bc6a889f7f9f75b4341020969

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: adapt utf8 logic to support extra wide characters
Jim Warner [Sat, 6 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: adapt utf8 logic to support extra wide characters

Back when top was refactored to support UTF-8 encoding
it was acknowledged that languages like zh_CN were not
supported. That was because a single 'character' might
require more than a single 'column' when it's printed.

Well I've now figured out how to accommodate languages
like that. My adaptation is represented in this patch.

[ and just in case someone wishes to avoid the extra ]
[ runtime costs, a #define OFF_XTRAWIDE is included. ]

Along the way, I've cleaned up some miscellaneous code
supporting the 'Inspect' feature so that the rightmost
screen column was always used rather than being blank.

[ interestingly, my xterm & urxvt terminal emulators ]
[ are able to split extra wide characters then print ]
[ 1/2 of such graphics in the last column. the gnome ]
[ terminal emulator does not duplicate such behavior ]
[ but prints 1 extra character in same width window. ]

Reference(s):
. Sep, 2017 - original utf8 support
commit 7ef38420a4ef69380ad467a2f49737f2e84d5c89

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: tweak that recent enhancement to startup defaults
Jim Warner [Fri, 5 Jan 2018 06:00:00 +0000 (00:00 -0600)]
top: tweak that recent enhancement to startup defaults

When the new approach for startup defaults was adopted
in the reference below, a file might be left open that
technically should be closed. This situation arises in
the unlikely event the #define RCFILE_NOERR is active.

Without that #define, the program will exit early thus
rendering the open file issue moot. However, even with
that #define there was no real harm with an open file.
It simply meant a 2nd FILE struct would have been used
when, or if, the rcfile was written via a 'W' command.

Anyway, this patch ensures such a file will be closed.

Reference(s):
. Dec, 2017 - /etc/topdefaultrc introduced
commit 3e6a208ae501194fdb39d5f259e327c087dc8c84

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agofree: Update tests and fix for previous patch
Craig Small [Sat, 13 Jan 2018 05:09:54 +0000 (16:09 +1100)]
free: Update tests and fix for previous patch

The previous two patches updated free, but needed a tweak and the tests
also needed to be updated. I've hand-calculated the results using bc and
both the testsuite and bc results equal what free prints out.

References:
 commit 9365be7633d23a68837868875c7b157516cd3058
 procps-ng/procps#45

6 years agofree.c - name correctly the binary multiples in the human-readable case
getzze [Fri, 4 Nov 2016 01:11:01 +0000 (01:11 +0000)]
free.c - name correctly the binary multiples in the human-readable case

6 years agofree.c - correct conversion to decimal multiples
getzze [Fri, 4 Nov 2016 01:09:58 +0000 (01:09 +0000)]
free.c - correct conversion to decimal multiples

6 years agodocs: Document I idle state in ps and top
Craig Small [Sat, 13 Jan 2018 00:18:09 +0000 (11:18 +1100)]
docs: Document I idle state in ps and top

Linux 4.2 provided a new process state of I which is used for an idle
kernel thread. This new state means that kernel threads do not
contribute to the loadavg as they are no longer state D or S but I.

While both ps and top displayed this state, it wasn't documented in
either manual page until now.

References:
 https://bugs.debian.org/886967
 https://www.quora.com/What-does-mean-Linux-process-state-I-in-the-top-output
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80ed87c8a9ca0cad7ca66cf3bbdfb17559a66dcf

6 years agosysctl: Don't crash file fopen fails
Craig Small [Sun, 7 Jan 2018 01:25:35 +0000 (12:25 +1100)]
sysctl: Don't crash file fopen fails

The commit referenced below put a setvbuf() before checking what
fopen() returned. If the file could not be opened then the file
handle was NULL at setvbuf() crashed.

setvbuf() is now called after checking what fopen() returns and only
when it was successful.

References:
 procps-ng/procps#76
 commit 58ae084c2737cdee395915d45dbcb364648ac615

7 years agoMerge branch 'Polynomal-C/procps-master'
Craig Small [Fri, 29 Dec 2017 04:57:43 +0000 (15:57 +1100)]
Merge branch 'Polynomal-C/procps-master'

References:
 procps-ng/procps!47

7 years agoAdd support for elogind
Sven Eden [Tue, 30 May 2017 14:33:28 +0000 (16:33 +0200)]
Add support for elogind

A session manager similar to logind from systemd.
See https://github.com/elogind/elogind

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
7 years agodocs: Mention in sysctl.8 that a filename is read once
Jan Rybar [Fri, 29 Dec 2017 04:37:49 +0000 (15:37 +1100)]
docs: Mention in sysctl.8 that a filename is read once

Added note into sysctl.8 manpage about directory precedence.

This information may be important for users who create new config files at several destinations. Especially the information about files to be omitted in directories with lower priority shall be given.