Closed giampaolo closed 10 years ago
From jlo...@gmail.com on February 28, 2012 15:26:49
1) It doesn't crash (at least I have not seen it do so nor had it reported as
such in the issue tracker), it throws an AccessDenied exception, which is
correct behavior since the behavior is caused by the OS X security model
preventing access to reading another process's information.
2) We've looked into this several times, and there simply isn't a viable
workaround for this other than running the script with root privileges. The way
OS X's security model is designed prevents one application from reading
another's process space, even if they are run by the same user. The only way
around that is to run as root, or to explicitly create a cert to authorize a
one process to access another.
I investigated this previously for psutil and because Python is an interpreter,
that would require you authorize the Python interpreter process (*not* your
script) to access process information, which is cumbersome and a security issue
that's even less desirable to my mind than explicitly allowing a given Python
script to run as root with sudo.
If you're wondering - the reason "ps", "top" and Activity Monitor binaries work
on OS X when run as a non-privileges user is because they are setuid, i.e. they
run as root when invoked. If you were so inclined, you could of course make
Python's interpreter run setuid also but that has obvious negative security
repercussions.
If there is a workaround that will allow us to bypass this security constraint
of OS X in a reasonable way, we'd love to know about it but as of right now
there does not appear to be any way to do so that is more palatable than using sudo.
Status: WontFix
From g.willgo...@telluricresearch.com on February 28, 2012 15:45:24
This may seem like a stupid idea but as workaround on OSX why doesn't psutil
run ps itself and parse the output of ps. I like the API of psutil and it would
be nice if it worked across all platforms, even if the solution for OSX was
less than ideal. I know the format of ps varies from platform to platform (it
was while investigating that that I stumbled on psutil myself) but I suspect
that across the various versions of OSX ps's output format would be the same.
====================================================================
Prof Garry Willgoose,
Director, Centre for Climate Impact Management (C2IM),
Head of Discipline, Discipline of Civil Surveying and Environmental Engineering,
School of Engineering, The University of Newcastle,
Callaghan, 2308
Australia.
C2IM webpage: www.c2im.org.au
Phone: (International) +61 2 4921 6050 (Tues-Thurs); +61 2 6545 9574 (Mon, Fri)
FAX: (International) +61 2 4921 6991
Env. Engg. Secretary: (International) +61 2 4921 6042
email: garry.willgoose@newcastle.edu.au (uni);
g.willgoose@telluricresearch.com (personal, consulting)
email-for-life: garry.willgoose@alum.mit.edu
personal webpage: www.telluricresearch.com/garry
From jlo...@gmail.com on February 29, 2012 10:58:26
We have previously looked at (and even used as temporary solutions) parsing
command line process output but it's inelegant and surprisingly inconsistent &
difficult to parse reliably. There are also performance issues compared to
directly accessing system calls in C code.
Ultimately, it's not a direction we're looking to go with the library, and ps
does not provide access to all the information we provide in psutil anyway.
Even if you're parsing "ps" output, it's still ultimately running as root, so I
don't see it as being a worthwhile trade-off.
From g.willgo...@telluricresearch.com on February 28, 2012 23:53:58
Original issue: http://code.google.com/p/psutil/issues/detail?id=255