ps - Running a single executable with sudo adds two processes in process list - Ask Ubuntu
I wrote a program that captures packets from a network interface. As it listens on the network adapter, I need to run it with sudo. The question is: why, when I run it, does it add 2 processes to the process list?

Note: lwdpi is the program.
Before execution:

ghasemi@ghasemi-ms-7693:~/desktop/lwdpi_cpp$ ps ax | grep lwdpi
4665 pts/21 s+ 0:00 grep --color=auto lwdpi
ghasemi@ghasemi-ms-7693:~/desktop/lwdpi_cpp$

Execution:

ghasemi@ghasemi-ms-7693:~/desktop/lwdpi_cpp$ sudo ./lwdpi -i enp5s0
2016:10:26 11:07:29 :: 192.168.1.25 9918 --> 239.1.99.222 9918 udp
2016:10:26 11:07:29 :: 192.168.1.111 5353 --> 224.0.0.251 5353 udp
2016:10:26 11:07:30 :: 192.168.1.153 5353 --> 224.0.0.251 5353 udp
2016:10:26 11:07:30 :: 192.168.1.154 5353 --> 224.0.0.251 5353 udp
2016:10:26 11:07:30 :: 192.168.1.88 5353 --> 224.0.0.251 5353 udp
2016:10:26 11:07:30 :: 192.168.1.60 5353 --> 224.0.0.251 5353 udp
2016:10:26 11:07:37 :: 192.168.1.131 17500 --> 255.255.255.255 17500 udp
2016:10:26 11:07:37 :: 192.168.1.131 17500 --> 192.168.1.255 17500 udp
2016:10:26 11:07:37 :: 192.168.1.169 5546 --> 192.168.1.38 53 udp
2016:10:26 11:07:37 :: 192.168.1.169 30955 --> 192.168.1.38 53 udp
2016:10:26 11:07:38 :: 192.168.1.110 17500 --> 255.255.255.255 17500 udp
2016:10:26 11:07:38 :: 192.168.1.110 17500 --> 192.168.1.255 17500 udp
2016:10:26 11:07:42 :: 192.168.1.169 57189 --> 192.168.1.38 53 udp
2016:10:26 11:07:42 :: 192.168.1.169 26072 --> 192.168.1.38 53 udp
2016:10:26 11:07:42 :: 192.168.1.169 41674 --> 199.30.228.113 80 tcp
2016:10:26 11:07:43 :: 192.168.1.169 41676 --> 199.30.228.113 80 tcp
2016:10:26 11:07:43 :: 192.168.1.169 7190 --> 192.168.1.38 53 udp
2016:10:26 11:07:43 :: 192.168.1.169 30029 --> 192.168.1.38 53 udp
2016:10:26 11:07:43 :: 192.168.1.169 41678 --> 199.30.228.113 80 tcp
2016:10:26 11:07:43 :: 192.168.1.169 64975 --> 192.168.1.38 53 udp
2016:10:26 11:07:43 :: 192.168.1.169 12625 --> 192.168.1.38 53 udp
2016:10:26 11:07:43 :: 192.168.1.169 29973 --> 192.168.1.38 53 udp
2016:10:26 11:07:43 :: 192.168.1.169 53300 --> 216.58.211.4 443 tcp
2016:10:26 11:07:43 :: 192.168.1.169 41682 --> 199.30.228.113 80 tcp
. . .

Process list during execution:

ghasemi@ghasemi-ms-7693:~/desktop/lwdpi_cpp$ ps ax | grep lwdpi
4685 pts/22 s+ 0:00 sudo ./lwdpi -i enp5s0
4686 pts/22 s+ 0:00 ./lwdpi -i enp5s0
4691 pts/21 s+ 0:00 grep --color=auto lwdpi
ghasemi@ghasemi-ms-7693:~/desktop/lwdpi_cpp$

As you can see above, after execution, the processes with PID = 4685 and PID = 4686 are added to the process list. Why? I didn't call the program inside it!

When you do:

sudo ./lwdpi -i enp5s0

sudo is the parent process, fork(2)s a child, and execve(2) is called with ./lwdpi as the executable name, so lwdpi is sudo's child process.

This results in the 2 processes you can see: one is sudo, the other is lwdpi.

The best way to see the details is to check the PPID (parent process ID) too:

ps -eo pid,ppid,args | grep '[l]wdpi'

You'll see that lwdpi's parent is sudo itself.

Here is sudo's process model, from man sudo:

When sudo runs a command, it calls fork(2), sets up the execution environment as described above, and calls the execve system call in a child process. The main sudo process waits until the command has completed, then passes the command's exit status to the security policy's close function and exits.

If an I/O logging plugin is configured or if the security policy explicitly requests it, a new pseudo-terminal (“pty”) is created and a second sudo process is used to relay job control signals between the user's existing pty and the new pty the command is being run in. This process makes it possible to, for example, suspend and resume the command. Without it, the command would be in what POSIX terms an “orphaned process group” and it would not receive any job control signals.

As a special case, if the policy plugin does not define a close function and no pty is required, sudo will execute the command directly instead of calling fork(2) first. The sudoers policy plugin will only define a close function when I/O logging is enabled, a pty is required, or the pam_session or pam_setcred options are enabled. Note that pam_session and pam_setcred are enabled by default on systems using PAM.
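
Added example, not part of the original answer: the PPID check above, applied in Python to ps -eo pid,ppid,args output so that each sudo wrapper is paired with the command it spawned. The sample rows are constructed (only PIDs 4685 and 4686 come from the question), and treating a sudo whose parent is also sudo as the pty relay process from the man page is an assumption.

```python
# PIDs 4685/4686 come from the question; all PPIDs and other rows are constructed.
SAMPLE_PS = """\
  PID  PPID COMMAND
 4600  4599 bash
 4685  4600 sudo ./lwdpi -i enp5s0
 4686  4685 ./lwdpi -i enp5s0
 5001  4600 sudo ./lwdpi -i lo
 5002  5001 sudo ./lwdpi -i lo
 5003  5002 ./lwdpi -i lo
"""

def parse_ps(text):
    """Parse `ps -eo pid,ppid,args` output into {pid: (ppid, args)}."""
    procs = {}
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[0].isdigit() and fields[1].isdigit():
            procs[int(fields[0])] = (int(fields[1]), fields[2])
    return procs

def is_sudo(args):
    """True if argv[0] is sudo, with or without a leading path."""
    return args.split()[0].rsplit("/", 1)[-1] == "sudo"

def sudo_commands(procs):
    """Map each outermost sudo PID to the (pid, args) of the command it runs.

    Assumption: a sudo whose parent is also sudo is the pty relay process the
    man page describes, so it is folded into its parent's entry.
    """
    kids = {}
    for pid, (ppid, _) in procs.items():
        kids.setdefault(ppid, []).append(pid)
    found = {}
    for pid, (ppid, args) in procs.items():
        if not is_sudo(args) or (ppid in procs and is_sudo(procs[ppid][1])):
            continue  # not sudo, or an inner relay handled via its parent
        stack = list(kids.get(pid, []))
        while stack:
            cur = stack.pop()
            if is_sudo(procs[cur][1]):
                stack.extend(kids.get(cur, []))  # descend through the relay
            else:
                found[pid] = (cur, procs[cur][1])
                break
    return found

if __name__ == "__main__":
    for spid, (cpid, cmd) in sorted(sudo_commands(parse_ps(SAMPLE_PS)).items()):
        print(f"sudo {spid} runs {cpid}: {cmd}")
```

On a live system, feed parse_ps the real output of ps -eo pid,ppid,args instead of SAMPLE_PS.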