All the Perl that's Practical to Extract and Report

More /proc info

djberg96 on 2003-09-15T16:41:37

Someone on IRC was kind enough to provide me with an account on an OpenBSD machine so I could toy with porting some of my code. I decided to start with reading process information.

Things haven't worked out so well. Some admins unmount /proc (or never mount it in the first place) as a security precaution. I'm not sure what this protects the system from given that ps is still available, but then I'm not a hacker.

So, reading from /proc is out. The next plan was to use the kvm libs, which looked simple enough. Unfortunately, attempting to use kvm_open() fails with "/dev/mem: Permission denied". So, if an admin is security conscious enough to disable /proc, they're probably going to prevent the use of kvm as well.

What I don't know is whether or not this is a typical setup for OpenBSD. I can always resort to parsing 'ps' - NOT.

Use the source, Luke

samtregar on 2003-09-15T17:11:29

How does ps get its data? Maybe looking at the source for OpenBSD ps would be useful...

-sam

Re:Use the source, Luke

djberg96 on 2003-09-15T20:20:40

Without looking, my guess would be that it uses the kvm libs. However, ps (and most of your other installed programs) run suid root, so it *does* have permission to read /dev/mem.

Re:Use the source, Luke

Dom2 on 2003-09-15T22:34:16

I would have thought that most BSDs use -lkvm, plus setgid kmem or something. I have a feeling that newer FreeBSD uses sysctl however. Yup, libkvm appears to do that.

Don't forget that BSD ps also doesn't /proc so that you can get ps to run over a crashdump image.

-Dom

No /proc on OpenBSD

merlyn on 2003-09-15T18:04:53

The Proc filesystem is a Linux-ism. Not in the BSD family, that I'm aware of.

Re:No /proc on OpenBSD

djberg96 on 2003-09-15T20:25:21

It exists in the BSD family but it's often not mounted by BSD admins, which probably led you to believe that. Also, Solaris has /proc, but it's not in plain text format. Of the *nix flavors that I've seen so far, only HP-UX doesn't have a proc filesystem, but I certainly haven't seen them all.

Re:No /proc on OpenBSD

jhi on 2003-09-16T12:25:47

What is the license of top(1)? That would have reams of scary kernel-groping code exactly for this purpose.

Re:No /proc on OpenBSD

merlyn on 2003-09-17T03:08:01

OK, I overstepped by saying "BSD family". But it is specifically not in OpenBSD, hence the subject of this post and the previous replies. There's no manpage for it. There's no option to "mount" it by the "admin". It doesn't exist.

Re:No /proc on OpenBSD

djberg96 on 2003-09-17T19:52:22

Yes and no. It *can* exist. It seems (so the guy who gave me the account tells me) that you have to create a /proc partition (and give it a bit of space), then mount it.

Anyway, I have an account on an OpenBSD box and I can see process info under /proc now.

Re:No /proc on OpenBSD

jordan on 2003-09-20T23:37:50

I think that /proc was first seen in Plan 9 and then other Unix-like operating systems copied it.