Accessing command line arguments from KAuth scope

Re: Accessing command line arguments from KAuth scope

Post by Siguza » Thu Apr 14, 2016 3:05 pm

Not sure why you think that, but the data that KERN_PROCARGS returns doesn't contain any pointers, as far as I can see.

If I replace the for loop at the end by
Code:
fwrite(buf, 1, len, stderr);
and add
Code:
memset(buf, 0x33, len);
before sysctl(), and then run the program as
Code:
$PWD/test '' a b c 2>&1 1>/dev/null | xxd
(I use $PWD instead of ./ to demonstrate some padding below), I get:
Code:
0000000: 2f55 7365 7273 2f6d 6f6c 742f 4465 736b  /Users/dude/Desk # <-- garbage?
0000010: 746f 702f 7465 7374 0000 0000 0000 0000  top/test........ # <-- alignment
0000020: 2f55 7365 7273 2f6d 6f6c 742f 4465 736b  /Users/dude/Desk
0000030: 746f 702f 7465 7374 0000 6100 6200 6300  top/test..a.b.c. # <-- double \0 due to first arg being '', which can cause trouble
0000040: 5445 524d 5f50 524f 4752 414d 3d41 7070  TERM_PROGRAM=App
0000050: 6c65 5f54 6572 6d69 6e61 6c00 5348 454c  le_Terminal.SHEL
0000060: 4c3d 2f62 696e 2f62 6173 6800 5445 524d  L=/bin/bash.TERM
0000070: 3d78 7465 726d 2d32 3536 636f 6c6f 7200  =xterm-256color.
0000080: 544d 5044 4952 3d2f 7661 722f 666f 6c64  TMPDIR=/var/fold
0000090: 6572 732f 6873 2f70 6433 3563 6a63 3137  ers/hs/pd35cjc17
00000a0: 6d6e 5f71 7672 7734 717a 6430 386a 3430  mn_qvrw4qzd08j40
00000b0: 3030 3067 6e2f 542f 0041 7070 6c65 5f50  000gn/T/.Apple_P
00000c0: 7562 5375 625f 536f 636b 6574 5f52 656e  ubSub_Socket_Ren
00000d0: 6465 723d 2f70 7269 7661 7465 2f74 6d70  der=/private/tmp
00000e0: 2f63 6f6d 2e61 7070 6c65 2e6c 6175 6e63  /com.apple.launc
00000f0: 6864 2e57 7554 5966 3139 3378 4b2f 5265  hd.WuTYf193xK/Re
0000100: 6e64 6572 0054 4552 4d5f 5052 4f47 5241  nder.TERM_PROGRA
0000110: 4d5f 5645 5253 494f 4e3d 3336 312e 3100  M_VERSION=361.1.
0000120: 5445 524d 5f53 4553 5349 4f4e 5f49 443d  TERM_SESSION_ID=
0000130: 3134 3334 3944 3534 2d45 3342 302d 3437  14349D54-E3B0-47
0000140: 4432 2d42 4339 462d 4246 4146 3738 3239  D2-BC9F-BFAF7829
0000150: 3033 3044 0055 5345 523d 6d6f 6c74 0053  030D.USER=dude.S
0000160: 5348 5f41 5554 485f 534f 434b 3d2f 7072  SH_AUTH_SOCK=/pr
0000170: 6976 6174 652f 746d 702f 636f 6d2e 6170  ivate/tmp/com.ap
0000180: 706c 652e 6c61 756e 6368 642e 4761 6f68  ple.launchd.Gaoh
0000190: 5949 3869 565a 2f4c 6973 7465 6e65 7273  YI8iVZ/Listeners
00001a0: 005f 5f43 465f 5553 4552 5f54 4558 545f  .__CF_USER_TEXT_
00001b0: 454e 434f 4449 4e47 3d30 7831 4635 3a30  ENCODING=0x1F5:0
00001c0: 7830 3a30 7830 0050 4154 483d 2f55 7365  x0:0x0.PATH=/Use
00001d0: 7273 2f6d 6f6c 742f 6c6f 6361 6c2f 6763  rs/dude/local/gc
00001e0: 632f 7769 6e36 342f 6269 6e3a 2f55 7365  c/win64/bin:/Use
00001f0: 7273 2f6d 6f6c 742f 6c6f 6361 6c2f 6763  rs/dude/local/gc
0000200: 632f 6c69 6e75 782f 6269 6e3a 2f55 7365  c/linux/bin:/Use
0000210: 7273 2f6d 6f6c 742f 6c6f 6361 6c2f 7477  rs/dude/local/tw
0000220: 6c61 6e2f 6269 6e3a 2f55 7365 7273 2f6d  lan/bin:/Users/m
0000230: 6f6c 742f 6c6f 6361 6c2f 7a65 7068 6972  olt/local/zephir
0000240: 2f62 696e 3a2f 5573 6572 732f 6d6f 6c74  /bin:/Users/dude
0000250: 2f6c 6f63 616c 2f6d 7973 716c 2f62 696e  /local/mysql/bin
0000260: 3a2f 5573 6572 732f 6d6f 6c74 2f6c 6f63  :/Users/dude/loc
0000270: 616c 2f62 696e 3a2f 5573 6572 732f 6d6f  al/bin:/Users/mo
0000280: 6c74 2f6c 6f63 616c 2f73 6269 6e3a 2f75  lt/local/sbin:/u
0000290: 7372 2f6c 6f63 616c 2f62 696e 3a2f 7573  sr/local/bin:/us
00002a0: 722f 6269 6e3a 2f62 696e 3a2f 7573 722f  r/bin:/bin:/usr/
00002b0: 7362 696e 3a2f 7362 696e 3a2f 6f70 742f  sbin:/sbin:/opt/
00002c0: 5831 312f 6269 6e3a 2f75 7372 2f6c 6f63  X11/bin:/usr/loc
00002d0: 616c 2f67 6974 2f62 696e 3a2f 7573 722f  al/git/bin:/usr/
00002e0: 6c6f 6361 6c2f 676f 2f62 696e 0050 5744  local/go/bin.PWD
00002f0: 3d2f 5573 6572 732f 6d6f 6c74 2f44 6573  =/Users/dude/Des
0000300: 6b74 6f70 004a 4156 415f 484f 4d45 3d2f  ktop.JAVA_HOME=/
0000310: 4c69 6272 6172 792f 4a61 7661 2f4a 6176  Library/Java/Jav
0000320: 6156 6972 7475 616c 4d61 6368 696e 6573  aVirtualMachines
0000330: 2f6a 646b 312e 382e 305f 3430 2e6a 646b  /jdk1.8.0_40.jdk
0000340: 2f43 6f6e 7465 6e74 732f 486f 6d65 0058  /Contents/Home.X
0000350: 5043 5f46 4c41 4753 3d30 7830 0050 5331  PC_FLAGS=0x0.PS1
0000360: 3d5c 5b5c 655b 303b 313b 3337 6d5c 5d5c  =\[\e[0;1;37m\]\
0000370: 683a 5c57 205c 7524 205c 5b5c 655b 306d  h:\W \u$ \[\e[0m
0000380: 5c5d 0050 5332 3d5c 5b5c 655b 303b 313b  \].PS2=\[\e[0;1;
0000390: 3337 6d5c 5d3e 205c 5b5c 655b 306d 5c5d  37m\]> \[\e[0m\]
00003a0: 0058 5043 5f53 4552 5649 4345 5f4e 414d  .XPC_SERVICE_NAM
00003b0: 453d 3000 5348 4c56 4c3d 3100 484f 4d45  E=0.SHLVL=1.HOME
00003c0: 3d2f 5573 6572 732f 6d6f 6c74 004f 4c44  =/Users/dude.OLD
00003d0: 5041 5448 3d2f 7573 722f 6c6f 6361 6c2f  PATH=/usr/local/
00003e0: 6269 6e3a 2f75 7372 2f62 696e 3a2f 6269  bin:/usr/bin:/bi
00003f0: 6e3a 2f75 7372 2f73 6269 6e3a 2f73 6269  n:/usr/sbin:/sbi
0000400: 6e3a 2f6f 7074 2f58 3131 2f62 696e 3a2f  n:/opt/X11/bin:/
0000410: 7573 722f 6c6f 6361 6c2f 6769 742f 6269  usr/local/git/bi
0000420: 6e3a 2f75 7372 2f6c 6f63 616c 2f67 6f2f  n:/usr/local/go/
0000430: 6269 6e00 4c4f 474e 414d 453d 6d6f 6c74  bin.LOGNAME=dude
0000440: 0044 4953 504c 4159 3d2f 7072 6976 6174  .DISPLAY=/privat
0000450: 652f 746d 702f 636f 6d2e 6170 706c 652e  e/tmp/com.apple.
0000460: 6c61 756e 6368 642e 5130 5a78 5335 5a64  launchd.Q0ZxS5Zd
0000470: 664e 2f6f 7267 2e6d 6163 6f73 666f 7267  fN/org.macosforg
0000480: 652e 7871 7561 7274 7a3a 3000 5f3d 2f55  e.xquartz:0._=/U
0000490: 7365 7273 2f6d 6f6c 742f 4465 736b 746f  sers/dude/Deskto
00004a0: 702f 7465 7374 004f 4c44 5057 443d 2f55  p/test.OLDPWD=/U
00004b0: 7365 7273 2f6d 6f6c 7400 0000 0000 0000  sers/dude.......
00004c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00004d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00004e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00004f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0000500: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0000510: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0000520: 0000 0000 0000 0000 0000 0000 0000 ffbf  ................ # <-- ffbf?
0000530: 0000 0000 2f55 7365 7273 2f6d 6f6c 742f  ..../Users/dude/ # <-- again?
0000540: 4465 736b 746f 702f 7465 7374 0000 0000  Desktop/test....
0000550: 0033 3333                                .333             # <-- memset(, 0x33, )

With KERN_PROCARGS2, the 4 bytes for argc don't seem to affect the alignment of the first... thingy, but no 0x33 from the original buffer are carried over.

Wat.
Siguza
Unicorn
 
Posts: 159
Joined: Thu Jan 28, 2016 10:38 am

Re: Accessing command line arguments from KAuth scope

Post by TheDarkKnight » Thu Apr 14, 2016 4:17 pm

DK: What's a good email to get you at?

I've sent you a LinkedIn request.

Siguza, I'm now using the following (though will substitute ARG_MAX for requesting the value via sysctl). Note that I use Qt, but I'm sure you can adapt it appropriately.

Code:
#include <limits.h>       // ARG_MAX
#include <stdlib.h>       // malloc, free
#include <sys/sysctl.h>   // sysctl, CTL_KERN, KERN_PROCARGS2
#include <QByteArray>
#include <QDebug>
#include <QList>
#include <QStringList>

QStringList GetProcessArgumentList(int pid)
{
    QStringList argumentList;
    char *procargs = NULL;

    /* Allocate space for the arguments. */
    procargs = (char *)malloc(ARG_MAX);
    if (procargs == NULL)
    {
        qDebug() << "Failed to allocate space";
        return argumentList;
    }

    // Get process arguments and environment variables
    int mib2[] = {CTL_KERN, KERN_PROCARGS2, pid};
    size_t size = ARG_MAX;
    if (sysctl(mib2, 3, procargs, &size, NULL, 0) == -1)
    {
        free(procargs);
        procargs = NULL;
        qDebug() << "Failed to retrieve arguments";
        return argumentList;       /* Insufficient privileges */
    }

    // The buffer must at least hold the leading argc int
    if (size < sizeof(int))
    {
        free(procargs);
        return argumentList;
    }

    // 1st int is number of arguments when using KERN_PROCARGS2
    int numArgs = *((int*)procargs);
    qDebug() << "Num args: " << numArgs;

    // get ptr to start of arguments
    char* pArgs = procargs;
    pArgs += sizeof(int);

    // Only size - sizeof(int) bytes remain after the argc int
    QByteArray arguments(pArgs, int(size - sizeof(int)));
    QList<QByteArray> argList = arguments.split('\0');

    int idx = 1; // ignore the first path to the process
    // Skip the NUL padding that follows the path
    while (idx < argList.size() && argList.at(idx).isEmpty())
        ++idx;

    // Take exactly numArgs strings, never reading past the end of the list.
    // An empty entry here is a real '' argument, not padding.
    for (int n = 0; n < numArgs && idx < argList.size(); ++n, ++idx)
        argumentList.push_back(QString(argList.at(idx)));

    free(procargs);
    return argumentList;
}


So a command of top -n 10 will return the 3 items as a list of strings
TheDarkKnight
 
Posts: 26
Joined: Wed Dec 16, 2015 10:30 am
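
An added example, not code from either post: a plain C parser for the KERN_PROCARGS2 layout shown in the dump above (argc, exec path, NUL padding, argv, environment), run on a constructed buffer modelled on `test '' a b c`. It keeps the empty argument and rejects an argc the buffer cannot satisfy. The names `parse_procargs2`, `build_sample` and `SAMPLE_TAIL` are hypothetical, and the sample bytes are constructed rather than captured.

```c
#include <stdio.h>
#include <string.h>

/* KERN_PROCARGS2 layout as discussed in the thread:
 *   int argc | exec path | NUL padding | argv[0..argc-1] | environment
 * Stores pointers into buf; returns argc, or -1 if the buffer is malformed.
 * Assumes argv[0] is non-empty (it would be indistinguishable from padding). */
int parse_procargs2(const char *buf, size_t len, const char **argv_out, int max_args)
{
    int argc;
    if (len < sizeof(argc)) return -1;
    memcpy(&argc, buf, sizeof(argc));
    if (argc < 0 || argc > max_args) return -1;   /* never trust the count */

    const char *p = buf + sizeof(argc), *end = buf + len;
    const char *nul = memchr(p, '\0', (size_t)(end - p));
    if (nul == NULL) return -1;                   /* exec path unterminated */
    for (p = nul; p < end && *p == '\0'; p++) {}  /* terminator + padding */

    for (int i = 0; i < argc; i++) {
        if (p >= end || (nul = memchr(p, '\0', (size_t)(end - p))) == NULL)
            return -1;                            /* ran off the buffer */
        argv_out[i] = p;                          /* may be "" (empty arg) */
        p = nul + 1;
    }
    return argc;
}

/* Constructed sample modelled on `test '' a b c` (shortened paths). */
static const char SAMPLE_TAIL[] =
    "/tmp/test\0\0\0\0\0\0\0"                     /* exec path + padding */
    "/tmp/test\0" "\0" "a\0" "b\0" "c\0"          /* argv, argv[1] == "" */
    "TERM=xterm\0" "USER=dude";                   /* environment */

size_t build_sample(char *out, size_t cap, int argc)
{
    if (cap < sizeof(argc) + sizeof(SAMPLE_TAIL)) return 0;
    memcpy(out, &argc, sizeof(argc));
    memcpy(out + sizeof(argc), SAMPLE_TAIL, sizeof(SAMPLE_TAIL));
    return sizeof(argc) + sizeof(SAMPLE_TAIL);
}

int main(void)
{
    char buf[128];
    const char *argv[16];
    size_t len = build_sample(buf, sizeof(buf), 5);
    int n = parse_procargs2(buf, len, argv, 16);
    for (int i = 0; i < n; i++) printf("argv[%d] = \"%s\"\n", i, argv[i]);
    return n == 5 ? 0 : 1;
}
```

An argc larger than the real argument count but still inside the buffer cannot be detected from the layout alone; the extra entries would be environment strings.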
