freebsd-skq/sys/miscfs/procfs
Archie Cobbs 2127f26023 Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>
1998-12-04 22:54:57 +00:00
..
procfs_ctl.c Removed unused #includes. 1997-08-02 14:33:27 +00:00
procfs_fpregs.c Check permissions for fp regs as well as normal regs. 1997-08-12 05:23:51 +00:00
procfs_map.c Examine all occurrences of sprintf(), strcat(), and str[n]cpy() 1998-12-04 22:54:57 +00:00
procfs_mem.c Added a second argument, "activate" to the vm_page_unwire() call so that 1998-10-28 13:37:02 +00:00
procfs_note.c Removed unused #includes. 1997-08-02 14:33:27 +00:00
procfs_regs.c Fix procfs security hole -- check permissions on meaningful I/Os (namely, 1997-08-12 04:34:30 +00:00
procfs_status.c Fixed printf format errors. 1998-07-11 07:46:16 +00:00
procfs_subr.c Fix a problem with procfs_exit() that resulted in missing some procfs 1997-12-12 03:33:43 +00:00
procfs_type.c Removed unused #includes. 1997-08-02 14:33:27 +00:00
procfs_vfsops.c Removed statically configured mount type numbers (MOUNT_*) and all 1998-09-07 13:17:06 +00:00
procfs_vnops.c Examine all occurrences of sprintf(), strcat(), and str[n]cpy() 1998-12-04 22:54:57 +00:00
procfs.h Quick fix for type mismatches which were fatal if longs aren't 32 1998-07-07 04:08:44 +00:00
README Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not 1997-02-22 09:48:43 +00:00

saute procfs lyonnais

procfs supports two levels of directory.  the filesystem root
directory contains a representation of the system process table.
this consists of an entry for each active and zombie process, and
an additional entry "curproc" which always represents the process
making the lookup request.

each of the sub-directories contains several files.  these files
are used to control and interrogate processes.  the files implemented
are:

	file	- xxx.  the exec'ed file.

	status  - r/o.  returns process status.

	ctl	- w/o.  sends a control message to the process.
			for example:
				echo hup > /proc/curproc/note
			will send a SIGHUP to the shell.
			whereas
				echo attach > /proc/1293/ctl
			would set up process 1293 for debugging.
			see below for more details.

	mem	- r/w.  virtual memory image of the process.
			parts of the address space are readable
			only if they exist in the target process.
			a more reasonable alternative might be
			to return zero pages instead of an error.
			comments?

	note	- w/o.  writing a string here sends the
			equivalent note to the process.
			[ not implemented. ]

	notepg	- w/o.  the same as note, but sends to all
			members of the process group.
			[ not implemented. ]

	regs	- r/w.	process register set.  this can be read
			or written any time even if the process
			is not stopped.  since the bsd kernel
			is single-processor, this implementation
			will get the "right" register values.
			a multi-proc kernel would need to do some
			synchronisation.

this then looks like:

% ls -li /proc
total 0
   9 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 0
  17 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 1
  89 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 10
  25 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 2
2065 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 257
2481 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 309
 265 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 32
3129 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 390
3209 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 400
3217 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 401
3273 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 408
 393 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 48
 409 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 50
 465 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 57
 481 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 59
 537 dr-xr-xr-x  2 root  kmem   0 Sep 21 15:06 66
 545 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 67
 657 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 81
 665 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 82
 673 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 83
 681 dr-xr-xr-x  2 root  wheel  0 Sep 21 15:06 84
3273 dr-xr-xr-x  2 jsp   staff  0 Sep 21 15:06 curproc
% ls -li /proc/curproc
total 408
3341 --w-------  1 jsp  staff       0 Sep 21 15:06 ctl
1554 -r-xr-xr-x  1 bin  bin     90112 Mar 29 04:52 file
3339 -rw-------  1 jsp  staff  118784 Sep 21 15:06 mem
3343 --w-------  1 jsp  staff       0 Sep 21 15:06 note
3344 --w-------  1 jsp  staff       0 Sep 21 15:06 notepg
3340 -rw-------  1 jsp  staff       0 Sep 21 15:06 regs
3342 -r--r--r--  1 jsp  staff       0 Sep 21 15:06 status
% df /proc/curproc /proc/curproc/file
Filesystem  512-blocks    Used   Avail Capacity  Mounted on
proc                 2       2       0   100%    /proc
/dev/wd0a        16186   13548    1018    93%    /
% cat /proc/curproc/status
cat 446 439 400 81 12,0 ctty 748620684 270000 0 0 0 20000 nochan 11 20 20 20 0 21 117



the basic sequence of commands written to "ctl" would be

	attach		- this stops the target process and
			  arranges for the sending process
			  to become the debug control process
	wait		- wait for the target process to come to
			  a steady state ready for debugging.
	step		- single step, with no signal delivery.
	run		- continue running, with no signal delivery,
			  until next trap or breakpoint.
	<signame>	- deliver signal <signame> and continue running.
	detach		- continue execution of the target process
			  and remove it from control by the debug process

in a normal debugging environment, where the target is fork/exec'd by
the debugger, the debugger should fork and the child should stop itself
(with a self-inflicted SIGSTOP).  the parent should do a "wait" then an
"attach".  as before, the child will hit a breakpoint on the first
instruction in any newly exec'd image.

$Id$