Read data from proc/sys/kernel/

Problem description

I want to create a program to get info about the operating system. I tried using syscalls, but think that reading from system files will be faster (directly). So, I wrote a simple program to read data from a file in the directory "/proc/sys/kernel/" and want to read the files: osrelease, hostname, ostype and others.... So, I supposed it would be simple, but it isn't. When I read the file "hostname" I got this:

����

If I read as superuser, I got normal data

oleg

This is the code of my program:

global _start

section .data
file db "/proc/sys/kernel/hostname",0

section .bss
buf resb 1024
descriptor resb 4
len equ 1024


section .text
_start:

    mov eax, 5
    mov ebx, file
    mov ecx, 2
    int 80h
    mov [descriptor], eax

read:
    mov eax, 3  ;read text
    mov ebx, [descriptor];  
    mov ecx, buf    ;read to variable buf
    mov edx, len    ;size of buf
    int 80h     ;interrupt

print_text:
    mov edx, eax
    mov eax, 4
    mov ebx, 1
    mov ecx, buf
    int 80h

close_file:
    mov eax, 6
    mov ebx, [descriptor]
    int 80h

exit:
    mov eax, 1
    mov ebx, 0
    int 80h

So, I thought I could change the name of the file and get other system information, but it's a mistake, because I didn't get a result. So, I changed the path to the file, compiled the project and executed the program as superuser and I don't get a result. Nothing... I can read all files except this directory ("proc/sys/kernel"). I googled for information about this problem and didn't find a similar problem. I think it is the security of the OS, but I only read info, I don't write... I understand that using a syscall is simpler, but I want to understand the structure of the OS. Why can't I read info from this directory? So, can you attach useful info about this problem, please?

Recommended answer

mov ecx, 2

A flags value of 2 for open() is O_RDWR. You're attempting to open the file read-write, which as a normal user you cannot do because it's writable only by root (mode 0644 on my system). Unix permission checks are done when you open the file, not on each individual read and write, so this fails even though you do not intend to actually write to the file.

So the open call returns a negative error code (which you don't check for), you pass this as the fd to read which thus also fails with a negative error code (which you also don't check for) and thus your buffer still contains a bunch of zeros. You pass this negative error code as the length to write(), which interprets it as a huge positive number and writes out not only the zero bytes from buf, but also whatever garbage follows it in memory, until it runs off the end of your address space.

This does work for me as root. I don't quite understand your last paragraph and can't tell whether it does or doesn't work for you in that case. If it doesn't, you may have securelevels or some other mechanism that prevents writing the file even as root. Note that some other files in /proc/sys/kernel are not writable even by root, e.g. /proc/sys/kernel/version which is 0444, so for those files your program will fail as above even if you are root.

But since you don't care about writing the file, just use flags O_RDONLY which has the value 0. So xor ecx, ecx instead. With this change the program works for me as a normal user.

Error checking throughout would be a good idea.
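
The answer's two fixes applied to the question's program, as an added example that is not part of the original post: the file is opened with O_RDONLY, and the sign of every int 80h return value is tested before the value is used as a descriptor or a length. The label names, the use of esi/edi to hold the descriptor and exit status, and the error message are assumptions of this example.

```nasm
; Added example (not the poster's code): 32-bit Linux, NASM; esi/edi usage and errmsg are assumptions.
global _start
section .data
file    db "/proc/sys/kernel/hostname", 0
errmsg  db "syscall failed", 10
errlen  equ $ - errmsg

section .bss
buf     resb 1024
len     equ 1024

section .text
_start:
    mov edi, 1          ; exit status: failure until the write succeeds
    mov eax, 5          ; sys_open
    mov ebx, file
    xor ecx, ecx        ; flags = O_RDONLY (0) instead of O_RDWR (2)
    int 80h
    test eax, eax       ; int 80h returns a negative error code on failure
    js report           ; no descriptor to close, go straight to the message
    mov esi, eax        ; keep the descriptor (registers other than eax survive int 80h)
    mov eax, 3          ; sys_read
    mov ebx, esi
    mov ecx, buf
    mov edx, len
    int 80h
    test eax, eax
    js close            ; never hand a negative count to write as a length
    mov edx, eax        ; number of bytes actually read
    mov eax, 4          ; sys_write
    mov ebx, 1          ; stdout
    mov ecx, buf
    int 80h
    test eax, eax
    js close
    xor edi, edi        ; everything worked: exit status 0
close:
    mov eax, 6          ; sys_close
    mov ebx, esi
    int 80h
    test edi, edi
    jz exit
report:
    mov eax, 4          ; sys_write
    mov ebx, 2          ; stderr
    mov ecx, errmsg
    mov edx, errlen
    int 80h
exit:
    mov eax, 1          ; sys_exit
    mov ebx, edi
    int 80h
```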
