search

luigimarmo / psutil

Automatically exported from code.google.com/p/psutil
Other
0 stars 0 forks source link

process.get_connections() requires root access under FreeBSD #370

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Try to use process.get_connections() to examine a process as non-root and 
get AccessDenied when kvm_openfiles() fails.

What version of psutil are you using? What Python version?

0.6.1 on Python 2.7.  Examining 0.7.0's source shows it to have the same issue.

On what operating system? Is it 32bit or 64bit version?

FreeBSD.  I have tested on 64-bit, but it is true of all platforms supported by 
FreeBSD.

Please provide any additional information below.

The current implementation of get_connections() uses direct KVM access to read 
in-kernel structures based on the code in fstat.  This requires root access so 
that it can open /dev/mem.  I have written an alternate implementation that 
uses unprivileged sysctls to fetch the data.  kinfo_getfile() gets most of the 
needed data except for the TCP state.  To handle TCP state I use a sysctl to 
fetch information about all the TCP connections in the system borrowing from 
the implementation of the netstat command.  I then walk this list of TCP 
connections each time the main loop encounters a TCP socket to fetch the TCP 
state.  Using sysctl's also avoids races that can occur with sockets coming and 
going and KVM access failing because a socket has been freed while 
get_connections() was running.

Original issue reported on code.google.com by bsdkn...@gmail.com on 18 Apr 2013 at 9:02

Attachments:

GoogleCodeExporter commented 8 years ago 
The patch contains a memory leak.  It needs a 'free(tcplist)' added before the 
non-error return in get_connections().

Original comment by bsdkn...@gmail.com on 23 Apr 2013 at 6:05

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
Wonderful! I cannot apply the patch though.
I tried "hg import psutil_sysctl.patch" and "patch -p0 < psutil_sysctl.patch" 
and both failed.
Did you use latest mercurial cset (1425:1445c0926b81)?

Original comment by g.rodola on 24 Apr 2013 at 11:06

GoogleCodeExporter commented 8 years ago 
@bsdknife: perhaps you can take a look at issue 373, which code might kind of 
be related with process connections code?

Original comment by g.rodola on 30 Apr 2013 at 7:33

GoogleCodeExporter commented 8 years ago 
Ok, I managed to adapt the patch and committed it as revision 7eb9b863271e.
Works like a charm. Thanks a lot bsdknife, that was a wonderful piece of code. 
Ping me if you care about having your real name in the CREDITS file.

Original comment by g.rodola on 30 Apr 2013 at 8:01

GoogleCodeExporter commented 8 years ago

Original comment by g.rodola on 30 Apr 2013 at 8:02

GoogleCodeExporter commented 8 years ago

Original comment by g.rodola on 3 May 2013 at 3:43