• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Processes running path
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Processes running path

  • Subject: Re: Processes running path
  • From: matt jaffa <email@hidden>
  • Date: Fri, 17 Jun 2005 17:35:17 -0600
Well basically I am trying to associate outgoing traffic with the
process that is sending it using a socket filter. It works great, and
right now I have my kext sending the pid to a super user process in
user space that gets the process path and sends it back. This is less
than ideal, I would rather have the kext be able to get this info.

In Panther I wrote my own function in the kernel that would look at
the process structure and look at the path from the process user space
stack. But now Tiger hides the process structure definition and other
definitions my function used so it has become useless in Tiger.

I just don't want my application to have all these processes have to
be running for it to work.

Matt

On 6/17/05, Terry Lambert <email@hidden> wrote:
> On Jun 16, 2005, at 11:18 PM, Josh Graessley wrote:
> > There isn't a good, straightforward way of doing this.
> >
> > If you get in touch with DTS, they may be able to work with you
> > towards a solution. We are aware of the issue and have a bug
> > (enhancement request) filed to track it.
> >
> > -josh
> >
> > On Jun 16, 2005, at 9:31 PM, matt jaffa wrote:
> >
> >
> >> Does anyone on this list know of some api or hack of using a
> >> processes
> >> id (pid) in a network kernel extension to get that process running
> >> path?
> >>
> >> Thanks
> >> Matt
>
> Specifically, the path is stored into the strings area at the top of
> the user stack during the exec process for use by the "open(1)"
> command in obtaining bundle ID information.  Because this is in
> memory belonging to the user process, it's possible for the user
> process to modify its contents after the application has started, so
> you cannot trust that the information is reliable or accurate to
> create a security association (as one example use someone might have
> for needing this information).
>
> If it's not for a security association, one method would be to have
> to program tell the kext.
>
> For bundle information, the most correct thing for the process to do
> is to write a file in /var/run with the information; this is probably
> not usesful for a kext, though, since you shouldn't be trying to do
> file I/O from a kext.
>
> If you can tell us why you need the information, we can probably tell
> you a different way to solve the problem you are trying to solve.
>
> -- Terry
>
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Processes running path
      • From: Mike Smith <email@hidden>
    • Re: Processes running path
      • From: Terry Lambert <email@hidden>
References: 
 >Processes running path (From: matt jaffa <email@hidden>)
 >Re: Processes running path (From: Josh Graessley <email@hidden>)
 >Re: Processes running path (From: Terry Lambert <email@hidden>)

  • Prev by Date: Re: Processes running path
  • Next by Date: Kernel Controls Buffer Size Issue
  • Previous by thread: Re: Processes running path
  • Next by thread: Re: Processes running path
  • Index(es):
    • Date
    • Thread