From: Al Viro <viro@ZenIV.linux.org.uk>
To: Peter Chen <peter.feifan.chen@gmail.com>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: Getting the file path of a file descriptor
Date: Tue, 19 Jul 2016 02:59:22 +0100
Message-ID: <20160719015922.GC2356@ZenIV.linux.org.uk>
In-Reply-To: <CAMGYKAcKB5aK=Kh8ogXBY3CHAm_c8W4PTuq1NRnEjKvj4W3_iA@mail.gmail.com>

On Mon, Jul 18, 2016 at 12:13:30PM -0700, Peter Chen wrote:
> Hi,
> 
>   I was wondering if I intercepted the system call such as read().

Hopefully not, since there is no race-free way of doing that.  OTOH,
rootkit writers usually do not give a damn...

> Can
> I get the file path of the file descriptor somehow from the kernel
> process's internal data structures or some helper functions? For
> example if I had previously opened a file "abcd.txt", and then called
> read on it, I would like to get the filepath "abcd.txt" from the fd
> for the read().

The literal path used for open?  No.  If nothing else, it might have been
unlinked since then.  Or renamed, for that matter.  What's more, there
is no exclusion between rename() and read(), so there's no promise that
the name would remain valid after you obtain it.  Using d_path() on
&file->f_path would give you what you'd see in /proc/self/fd/<n> at the
moment, for whatever it's worth.

>    Also aside, I was wondering if it was all possible to get the file
> path of the executable of the process itself. So if I was running a
> program such as "ping", when I intercept the system calls of the
> program, I want to know the filepath of the ping program.

Depends.  If that's debugging (as in "I want that printk happen only when
we hit that line from a syscall in my test binary, so that it wouldn't swamp
the log during boot"), comparing current->comm with the known name would be
the usual quick-and-dirty approach.  If you are really playing with rootkits...
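
Added example, not part of the original message and not kernel code: a userspace C program that shows why the name obtained for an open descriptor is only a snapshot. It reads /proc/self/fd/<n> for one descriptor after open, after rename() and after unlink(). It assumes Linux with /proc mounted and a writable /tmp; the names fd_path and fd_path_drift are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PATHLEN 256

/* Userspace view of d_path(&file->f_path): the /proc/self/fd/<n> symlink. */
static int fd_path(int fd, char *buf)
{
    char link[64];
    ssize_t n;
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    n = readlink(link, buf, PATHLEN - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Keep one fd open while its file is renamed, then unlinked.  Records the
 * reported path after open (out[0]), rename (out[1]) and unlink (out[2]).
 * Returns 0 on success, -1 on error. */
int fd_path_drift(char out[3][PATHLEN])
{
    char orig[] = "/tmp/fdpath-demo-XXXXXX";  /* constructed scratch name */
    char moved[sizeof(orig) + 8];
    int fd = mkstemp(orig), rc = -1;

    if (fd < 0)
        return -1;
    snprintf(moved, sizeof(moved), "%s.moved", orig);
    if (fd_path(fd, out[0]) == 0 &&
        rename(orig, moved) == 0 && fd_path(fd, out[1]) == 0 &&
        unlink(moved) == 0 && fd_path(fd, out[2]) == 0)
        rc = 0;
    close(fd);
    return rc;
}

int main(void)
{
    char p[3][PATHLEN];
    if (fd_path_drift(p) != 0)
        return 1;
    printf("open:   %s\nrename: %s\nunlink: %s\n", p[0], p[1], p[2]);
    return 0;
}
```

The descriptor stays readable throughout; only the reported name changes, ending with a " (deleted)" suffix once the last link is gone.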
