Create /dev/null before opening kernel interfaces if it doesn't exist

author: Stef Walter <stef@memberwebs.com> 2004-05-19 16:35:30 +0000
committer: Stef Walter <stef@memberwebs.com> 2004-05-19 16:35:30 +0000
commit: 298e1a85181102bde3aed73f73a34fe81f7de66a (patch)
tree: cbdb94d3c824a34f299afc8ccfbe8f89f89cb07f /srcx/jps.c
parent: d86ba2f5a45fd70e6503ba516eea9386bc176e22 (diff)
1 files changed, 103 insertions, 95 deletions
diff --git a/srcx/jps.c b/srcx/jps.c
index c34aa41..6f8e4db 100644
--- a/srcx/jps.c
+++ b/srcx/jps.c
@@ -61,117 +61,125 @@ static void run_jail_ps(int argc, char* argv[]);
 
 int main(int argc, char* argv[])
 {
-	int ch = 0;
-	int simple = 0;
-	int jid = 0;
-
-	while((ch = getopt(argc, argv, "i")) != -1)
-	{
-		switch(ch)
-		{
-		case 'i':
-			simple = 1;
-			break;
-
-		case '?':
-		default:
-			usage();
-		}
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	/* Make sure we have a jail name or id */
-	if(argc == 0)
-		usage();
-
-	if(running_in_jail())
-		errx(1, "can't run from inside jail");
-
-	/* Translate the jail name into an id if neccessary */
-	jid = translate_jail_name(argv[0]);
-	if(jid == -1)
-		errx(1, "unknown jail host name: %s", argv[0]);
-
-	argc--;
-	argv++;
-
-	/* Go into the jail */
-	if(jail_attach(jid) == -1)
-		err(1, "couldn't attach to jail");
-
-	if(simple)
-	{
-		if(argc > 0)
-			usage();
-
-		print_jail_ids();
-	}
-
-	else
-	{
-		/* This function never returns */
-		run_jail_ps(argc, argv);
-	}
-
-	return 0;
+    int ch = 0;
+    int simple = 0;
+    int jid = 0;
+
+    while((ch = getopt(argc, argv, "i")) != -1)
+    {
+        switch(ch)
+        {
+        case 'i':
+            simple = 1;
+            break;
+
+        case '?':
+        default:
+            usage();
+        }
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    /* Make sure we have a jail name or id */
+    if(argc == 0)
+        usage();
+
+    if(running_in_jail())
+        errx(1, "can't run from inside jail");
+
+    /* Translate the jail name into an id if neccessary */
+    jid = translate_jail_name(argv[0]);
+    if(jid == -1)
+        errx(1, "unknown jail host name: %s", argv[0]);
+
+    argc--;
+    argv++;
+
+    /* Go into the jail */
+    if(jail_attach(jid) == -1)
+        err(1, "couldn't attach to jail");
+
+    if(simple)
+    {
+        if(argc > 0)
+            usage();
+
+        print_jail_ids();
+    }
+
+    else
+    {
+        /* This function never returns */
+        run_jail_ps(argc, argv);
+    }
+
+    return 0;
 }
 
 static void usage()
 {
-	fprintf(stderr, "usage: jps [-i] jail [ ps_options ... ]\n");
-	exit(2);
+    fprintf(stderr, "usage: jps [-i] jail [ ps_options ... ]\n");
+    exit(2);
 }
 
 static void run_jail_ps(int argc, char* argv[])
 {
-	char** args;
-	int i;
+    char errbuf[_POSIX2_LINE_MAX];
+    char** args;
+    kvm_t kd;
+    int i;
 
-	if(!check_jail_command(NULL, "/bin/ps"))
-		exit(1);
+    if(!check_jail_command(NULL, "/bin/ps"))
+        exit(1);
 
-	/*
-	 * TODO: We need to purge down the environment here.
-	 * If the jail is in any way malicious or compromised
-	 * then it could have replaced /bin/ps which we run...
-	 */
+    /* Make sure we can use kvm functionality here */
+    kd = open_kvm_handle(NULL, errbuf);
+    if(kd == NULL)
+        errx(1, "couldn't connect to kernel: %s", errbuf);
 
-	args = (char**)alloca(sizeof(char*) * (argc + 2));
-	args[0] = "ps";
+    kvm_close(kd);
 
-	for(i = 0; i < argc; i++)
-		args[i + 1] = argv[i];
+    /*
+     * TODO: We need to purge down the environment here.
+     * If the jail is in any way malicious or compromised
+     * then it could have replaced /bin/ps which we run...
+     */
 
-  args[i + 1] = NULL;
+    args = (char**)alloca(sizeof(char*) * (argc + 2));
+    args[0] = "ps";
 
-  run_jail_command(NULL, "/bin/ps", args, JAIL_RUN_NOFORK);
+    for(i = 0; i < argc; i++)
+        args[i + 1] = argv[i];
+
+    args[i + 1] = NULL;
+
+    run_jail_command(NULL, "/bin/ps", args, JAIL_RUN_NOFORK);
 }
 
 static void print_jail_ids()
 {
-	kvm_t* kd;
-	int nentries, i;
-	struct kinfo_proc* kp;
-	char errbuf[_POSIX2_LINE_MAX];
-
-	/* Open kernel interface */
-	kd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, errbuf);
-	if(kd == NULL)
-		errx(1, "couldn't connect to kernel: %s", errbuf);
-
-	/* Get all processes and print the pids */
-	if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0)
-		errx(1, "couldn't list processes: %s", kvm_geterr(kd));
-
-	for(i = 0; i < nentries; i++)
-	{
-		if(kp[i].ki_pid != getpid())
-			printf("%d ", (int)(kp[i].ki_pid));
-	}
-
-	fputc('\n', stdout);
-	kvm_close(kd);
+    kvm_t* kd;
+    int nentries, i;
+    struct kinfo_proc* kp;
+    char errbuf[_POSIX2_LINE_MAX];
+
+    /* Open kernel interface */
+    kd = open_kvm_handle(NULL, errbuf);
+    if(kd == NULL)
+        errx(1, "couldn't connect to kernel: %s", errbuf);
+
+    /* Get all processes and print the pids */
+    if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0)
+        errx(1, "couldn't list processes: %s", kvm_geterr(kd));
+
+    for(i = 0; i < nentries; i++)
+    {
+        if(kp[i].ki_pid != getpid())
+            printf("%d ", (int)(kp[i].ki_pid));
+    }
+
+    fputc('\n', stdout);
+    kvm_close(kd);
 }
-
author	Stef Walter <stef@memberwebs.com>	2004-05-19 16:35:30 +0000
committer	Stef Walter <stef@memberwebs.com>	2004-05-19 16:35:30 +0000
commit	298e1a85181102bde3aed73f73a34fe81f7de66a (patch)
tree	cbdb94d3c824a34f299afc8ccfbe8f89f89cb07f /srcx/jps.c
parent	d86ba2f5a45fd70e6503ba516eea9386bc176e22 (diff)