Bug 107887

Summary: Extra whitespace in comm= field
Product: dbus Reporter: Laurent Bigonville <bigon>
Component: core Assignee: D-Bus Maintainers <dbus>
Status: RESOLVED MOVED QA Contact: D-Bus Maintainers <dbus>
Severity: minor    
Priority: low    
Version: git master   
Hardware: Other   
OS: All   

Description Laurent Bigonville 2018-09-10 13:25:09 UTC
Hi,

It seems that in the log the comm= field contains an extra whitespace at the end:
"dbus-daemon[23494]: [session uid=1000 pid=23494] Connection :1.0 (uid=1000 pid=23495 comm="dbus-monitor " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") became a monitor."


Looking at the code, it seems that _dbus_command_for_pid() is at fault here. /proc/<pid>/cmdline also contains a final \0, which is translated to a whitespace; this one should probably be stripped?
Comment 1 Simon McVittie 2018-09-10 13:57:48 UTC
Yes, it seems cmdline consists of \0-terminated (rather than \0-separated) words. When translating those into space-separated words for the comm field, the last \0 should be eaten.

% sh -c 'xxd /proc/$$/cmdline'
00000000: 7368 002d 6300 7878 6420 2f70 726f 632f  sh.-c.xxd /proc/
00000010: 2424 2f63 6d64 6c69 6e65 00              $$/cmdline.
% sh -c 'xxd /proc/$$/cmdline' arg0 arg1 "" 
00000000: 7368 002d 6300 7878 6420 2f70 726f 632f  sh.-c.xxd /proc/
00000010: 2424 2f63 6d64 6c69 6e65 0061 7267 3000  $$/cmdline.arg0.
00000020: 6172 6731 0000                           arg1..
          |<----->|
             arg1
                   ->||<-
         empty string between two \0
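
The conversion described in Comment 1, as an added example (not dbus code and not written by anyone in this thread): drop exactly one trailing \0 and turn the remaining \0 bytes into spaces, so an empty final argument stays visible. The name cmdline_to_display is hypothetical, and the sample bytes are constructed from the first xxd dump above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not dbus's _dbus_command_for_pid): turn the raw bytes
 * of /proc/<pid>/cmdline into one space-separated string.
 * Each argv word is followed by a NUL, so only the final NUL is a terminator
 * to drop; every other NUL sits between two words and becomes a space.
 * Returns the number of bytes written (excluding the terminating NUL), or -1
 * if out is too small. */
static int cmdline_to_display(const char *buf, size_t len,
                              char *out, size_t out_size)
{
    size_t i;

    if (out_size == 0)
        return -1;

    /* Eat exactly one trailing NUL. A second trailing NUL means the last
     * argument was the empty string, and that must stay visible.
     * A buffer with no trailing NUL (a process that rewrote its own
     * command line) or an empty buffer is left untouched. */
    if (len > 0 && buf[len - 1] == '\0')
        len--;

    if (len >= out_size)
        return -1;

    for (i = 0; i < len; i++)
        out[i] = (buf[i] == '\0') ? ' ' : buf[i];
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample: the bytes shown in the first xxd dump. sizeof
     * counts the literal's implicit NUL, which stands in for the final
     * terminator found in the real file. */
    static const char raw[] = "sh\0-c\0xxd /proc/$$/cmdline";
    char out[64];

    if (cmdline_to_display(raw, sizeof raw, out, sizeof out) >= 0)
        printf("comm=\"%s\"\n", out);
    return 0;
}
```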
Comment 2 Simon McVittie 2018-09-10 14:00:19 UTC
Note that /proc/pid/cmdline is trivial to fake (e.g. avahi-daemon edits its own command-line to show status), so comm is just a debug/diagnostic thing, and is not suitable to make part of a security feature.
Comment 3 GitLab Migration User 2018-10-12 21:36:20 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/222.
