Issue
I'm trying to write a program to expose the arguments of other pids on macOS. I've made the KERN_PROCARGS2 sysctl, but it turns out that everyone and their dog use this wrong. Including Apple's ps, and Google's Chrome. The exec family of functions all allow you to pass an empty string as argv[0], which is not great but it can happen and so must be dealt with. In this case, the standard approach of skipping forward past the NULLs following the exec_path in the returned buffer doesn't work, as the last NULL before the rest of the arguments is actually the terminating NULL of an empty string, So you wind up skipping an argument you didn't mean to, which can result in printing an env var as an argument (I've confirmed this behaviour in many programs).
To do this properly one must calculate how many nulls to skip, instead of skipping them all every time. There are references around the web to the different parts of the returned buffer being pointer aligned, however no matter what part of the buffer I try to check with len % 8 I don't get a correct count of padding NULLs.
- https://github.com/apple/darwin-xnu/blob/main/bsd/kern/kern_sysctl.c#L1528
- https://lists.apple.com/archives/darwin-kernel/2012/Mar/msg00025.html
- https://chromium.googlesource.com/crashpad/crashpad/+/refs/heads/master/util/posix/process_info_mac.cc#153
Solution
It's the length of the saved exec_path that needs to be padded to a multiple of the system pointer length.
Answered By - Camden Narzt Answer Checked By - Willingham (PHPFixing Volunteer)
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.