Parsing /proc/maps?

Question

I wrote the following code in C. What I have done so far is open the proc directory and read the processes inside - dictories that did not consist of numerical characters were simply disregarded as I only want to look at the numeric directories. What I want to do is to print the PID of all the processes in the proc directory that have read and write permissions. My question is how can I extract the permissions of a process from the proc/.../maps file?

Here is a snippet of my code where I am having trouble:

sprintf(buf, "/proc/%d/maps", tgid->d_name); 
file = fopen(buf, "r");

while (fgets(buf, sizeof(buf), file)) {
    sscanf(buf, "%x-%x %4c %x %x:%x", &from, &to, flags, &offset, &major, &minor);
}

fclose(file);
if (flags[0] == 'r' && flags[1] == 'w') {
    printf("%d\n", tgid->d_name);
}

Even with the edit, the question remains unclear and shows a lot of confusion. A process don't have permissions (but it does have [credentials(7)](http://man7.org/linux/man-pages/man7/credentials.7.html) ...) — Basile Starynkevitch, Nov 05 '18 at 05:28
Take several days to read more about Linux and operating systems. My answer gave some references (most of them are freely downloadable, but you need many days to read them). You stay very confused (a process don't have permissions!) — Basile Starynkevitch, Nov 05 '18 at 05:45

Basile Starynkevitch · Answer 1 · 2018-11-05T05:48:05.797

What I want to do is to print the PID of all the processes that are read and writable

A process is an abstraction provided by some operating system. It makes no sense to speak of a "readable" process (or a "writable" one), or one with "read" permissions or "write" permissions, since it is about file system permissions. A process is not a file, and its /proc/1234/ directory is just a view into that process given by the kernel. A process is using file descriptors to access files (and you might scan its /proc/1234/fd/ directory).

The proc(5) file system is a pseudo file system specific to Linux. The /proc/$pid/maps is a textual view showing the virtual address space of a process. You can read that pseudo-file sequentially.

To change its virtual address space, a Linux process would use system calls like execve(2) (which initializes a fresh virtual address space for a new program), mmap(2) and munmap, mprotect(2), etc...

To scan a directory (such as /proc/1234/fd/ or even /proc/) programmatically, use opendir(3) with closedir after having looped on readdir(3) (you'll probably also use stat(2) on a file path that you have constructed) You could use nftw(3) in some cases.

Read also Operating Systems: Three Easy Pieces to get a broad view about OSes.

after edit

What I want to do is to print the PID of all the processes in the proc directory that have read and write permissions

That has no sense. A process don't have permissions, but it does have credentials(7) (which define what file accesses are permitted to the process). You may parse /proc/1234/status to find the credentials of process of pid 1234 (in particular, the lines starting with Uid: and Gid: from that pseudo-file).

Read some good Linux programming book, perhaps the old ALP. Read also syscalls(2), execve(2), inode(7), path_resolution(7) and also the failure cases of file related system calls such as open(2), read(2), etc... (so also errno(3)). Take time to read carefully proc(5).

My question is how can I extract the permissions of a process from the /proc/.../maps file?

You cannot extract such information from that file. The /proc/1234/maps pseudo-file describes the virtual address space of process 1234. The credentials are given (with other status information) in /proc/1234/status. And it makes no sense to speak of the permissions of a process.

Sorry what I meant was I wanted to print the PIDs of processes that have read and write permissions — user9042207, Nov 04 '18 at 09:56
Read and write permissions on what file? thru what file descriptors? — Basile Starynkevitch, Nov 04 '18 at 09:57
I have edited my question which I hope will make what I am trying to do more clearer. I'm sorry about the confusion. — user9042207, Nov 05 '18 at 01:22
Even with the edits, you stay confused. You should read more about Linux programming. — Basile Starynkevitch, Nov 05 '18 at 05:35

score 0 · Answer 2 · answered Nov 04 '18 at 10:19

0

I don't know what exactly you're trying to do, but your program certainly doesn't do it.

Here's what your program does:

Open /proc/1234/maps where 1234 is the process's own PID.
Read the lines in this file one by one and parse them, recording the values in flags and other variables.
Print out information based on the final value of flags, which was collected from the last (matching) line.

So:

This will not “print the PID of all the processes” in any sense, since you're only looking at a single process.
What is printed out is based on the last line of the maps file. On x86_64 at least, this is the vsyscall area, which contains code and therefore is executable but not writable.

I won't offer a way to fix your program since I don't know what you want it to do. Saying “have read and write permissions” is incomplete: permissions over what?

answered Nov 04 '18 at 10:19

Gilles 'SO- stop being evil'

104,111
38
209
254

I have edited my question which I hope will make what I am trying to do more clearer. I'm sorry about the confusion. – user9042207 Nov 05 '18 at 01:19
Even with the edit, the question is unclear and you (the OP) remain confused. – Basile Starynkevitch Nov 05 '18 at 05:44
@user9042207 You're still asking about “the permissions of a process”, but not defining what you mean. If you're still having trouble, you should ask a new question where you *explain* what you want. – Gilles 'SO- stop being evil' Nov 05 '18 at 06:16

Parsing /proc/maps?

2 Answers2

after edit

Linked