|
|
ps output length for command tail
Under Solaris 8/10, the output of the ps command for the command tail is
limited to 80 characters (PRARGSZ from sys/procfs.h). The man page is
explicit regarding this (unfortunate) decision :-)
It USED to be that /usr/ucb/ps did not have this limit; recent patch levels
appear to have imposed it on that version of ps as well.
Is there any other way to see the FULL command tail for processes?
Thanks . . . .
Dan
|
|
0
|
|
|
|
Reply
|
 Dan
|
5/4/2007 2:54:53 PM |
|
On 2007-05-04 15:54:53 +0100, Dan Rawson
<drawson1.take.this.out@earthlink.dot.net> said:
> Under Solaris 8/10, the output of the ps command for the command tail
> is limited to 80 characters (PRARGSZ from sys/procfs.h). The man page
> is explicit regarding this (unfortunate) decision :-)
>
> It USED to be that /usr/ucb/ps did not have this limit; recent patch
> levels appear to have imposed it on that version of ps as well.
>
> Is there any other way to see the FULL command tail for processes?
Does pargs(1) work?
Cheers,
Chris
|
|
|
0
|
|
|
|
Reply
|
Chris
|
5/4/2007 3:15:13 PM
|
|
Dan Rawson <drawson1.take.this.out@earthlink.dot.net> wrote:
> Under Solaris 8/10, the output of the ps command for the command tail is
> limited to 80 characters (PRARGSZ from sys/procfs.h). The man page is
> explicit regarding this (unfortunate) decision :-)
> It USED to be that /usr/ucb/ps did not have this limit; recent patch levels
> appear to have imposed it on that version of ps as well.
No version of 'ps' has the limit, the limit is the data itself and your
ability to access it.
When a process is launched, the kernel keeps a static copy of the first
80 characters of the exec string and puts it in a kernel buffer. This
string never changes during the life of the process, so it's very safe.
/usr/bin/ps will read that information by default.
The process itself holds similar information within its own memory,
accessible as ARGV.
The problem is that access to the processes ARGV is tricky to arrange
without also allowing access to other things (that maybe you shouldn't
have access to). So the default is that only privileged processes
(normally root and the process owner) are allowed access to ARGV.
'pargs' will display this information, or an error if you don't have the
privileges to see it. '/usr/ucb/ps' will also try to show this
information, but it will fall back to the kernel string if permission is
not there.
You should also be aware that processes can lie and modify the contents
of ARGV after launch (for either good or evil purposes).
On at least a couple of the machines I checked, Solaris 9 installed
/usr/ucb/sparcv[79]/ps as setuid, while in Solaris 10 it is no longer
setuid.
So you could re-enable that if you're willing to take that security risk.
> Is there any other way to see the FULL command tail for processes?
'pargs' and sufficient privileges (assuming that the contents of ARGV
are still valid).
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
|
|
|
0
|
|
|
|
Reply
|
Darren
|
5/4/2007 3:24:43 PM
|
|
Darren Dunham wrote:
> Dan Rawson <drawson1.take.this.out@earthlink.dot.net> wrote:
>> Under Solaris 8/10, the output of the ps command for the command tail is
>> limited to 80 characters (PRARGSZ from sys/procfs.h). The man page is
>> explicit regarding this (unfortunate) decision :-)
>
>> It USED to be that /usr/ucb/ps did not have this limit; recent patch levels
>> appear to have imposed it on that version of ps as well.
>
> No version of 'ps' has the limit, the limit is the data itself and your
> ability to access it.
>
> When a process is launched, the kernel keeps a static copy of the first
> 80 characters of the exec string and puts it in a kernel buffer. This
> string never changes during the life of the process, so it's very safe.
> /usr/bin/ps will read that information by default.
>
> The process itself holds similar information within its own memory,
> accessible as ARGV.
>
> The problem is that access to the processes ARGV is tricky to arrange
> without also allowing access to other things (that maybe you shouldn't
> have access to). So the default is that only privileged processes
> (normally root and the process owner) are allowed access to ARGV.
>
> 'pargs' will display this information, or an error if you don't have the
> privileges to see it. '/usr/ucb/ps' will also try to show this
> information, but it will fall back to the kernel string if permission is
> not there.
>
> You should also be aware that processes can lie and modify the contents
> of ARGV after launch (for either good or evil purposes).
>
> On at least a couple of the machines I checked, Solaris 9 installed
> /usr/ucb/sparcv[79]/ps as setuid, while in Solaris 10 it is no longer
> setuid.
>
> So you could re-enable that if you're willing to take that security risk.
>
>> Is there any other way to see the FULL command tail for processes?
>
> 'pargs' and sufficient privileges (assuming that the contents of ARGV
> are still valid).
>
Thanks for the (detailed!) response . . . . pargs indeed does the trick.
A quick check here shows that, on Solaris 8 with an OLD patchlevel
(117850-18), /usr/ucb/ps will return the whole command-tail; on Solaris 9
and Solaris 10, it doesn't.
In this particular case, since we're running the script as the owner of ALL
the procs (but across multiple machines), we can use pargs.
Thanks!
Dan
|
|
|
0
|
|
|
|
Reply
|
Dan
|
5/4/2007 4:08:03 PM
|
|
|
3 Replies
340 Views
(page loaded in 0.055 seconds)
|
|
|
|
|
|
|
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25711 articles. 
78 followers. 