Summer 2009 Daemons and Other ProcessesProcesses and Daemons+ Fundamentally, kernels provide a few logical constructsthat mediate access to either real or virtual resources.The two most important in Unix are processes andfilesystems.+ You can view the characteristics of processes on a Unixmachine with a variety of programs, including ps, top,lsof, and even ls.CNT 4603Summer 2009 Daemons and Other ProcessesWhat Unix/Linux system administratorssee – ps[root@localhost root]# cat /etc/redhat-releaseFedora release 8 (Werewolf)[root@localhost root]# ps -elf # This is SYSV; Berkeley = ’ps axlww’F S UID PID PPID C PRI NI TTY TIME CMD4 S root 1 0 0 75 0 ? 00:00:08 init4 S root 1573 1384 0 75 0 tty 00:00:00 -bash5 S root 7492 1 0 75 0 ? 00:01:08 sendmail: accepting1 S smmsp 7497 1 0 75 0 ? 00:00:00 sendmail: Queue run5 S apache 25079 1321 0 75 0 ? 00:00:00 /usr/sbin/httpd5 S apache 25080 1321 0 75 0 ? 00:00:00 /usr/sbin/httpd5 S apache 25085 1321 0 75 0 ? 00:00:00 /usr/sbin/httpd5 S apache 25086 1321 0 75 0 ? 00:00:00 /usr/sbin/httpdCNT 4603Summer 2009 Daemons and Other ProcessesWhat system administrators see – ps5 S root 13137 7492 0 76 0 ? 00:00:00 sendmail: server [10.1.5 S root 16572 7492 0 75 0 ? 00:00:00 sendmail: k0CBPF4I016575 S root 18574 7492 0 75 0 ? 00:00:00 sendmail: k0CBcKUk018575 S root 20824 7492 0 75 0 ? 00:00:00 sendmail: k0CBs9CZ020825 S root 22950 7523 6 75 0 ? 00:04:14 /usr/bin/perl5 S root 23050 7523 6 78 0 ? 00:03:58 /usr/bin/perl5 S root 32112 1151 0 75 0 ? 00:00:00 sshd: root@pts/04 S root 32142 32112 0 75 0 pts/0 00:00:00 -bash5 S root 32286 1 0 83 0 ? 00:00:00 sendmail: ./k0CD8sHV0325 S root 32317 7492 0 75 0 ? 00:00:00 sendmail: k0CD96Jh03231CNT 4603Summer 2009 Daemons and Other ProcessesWhat Unix/Linux system administratorssee – top[root@localhost root]# top -b -n1 # run in batch mode for one iteration08:17:41 up 1 day, 18:12, 2 users, load average: 9.69, 9.14, 8.89115 processes: 114 sleeping, 1 running, 0 zombie, 0 stoppedCPU states: cpu user nice system irq softirq iowait idletotal 0.0% 0.0% 0.9% 0.0% 0.9% 0.0% 98.0%Mem: 510344k av, 392504k used, 117840k free, 0k shrd, 17208k buff240368k actv, 55488k in_d, 4760k in_cSwap: 522104k av, 90392k used, 431712k free 72852k cachedPID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND1090 root 20 0 1088 1088 832 R 0.9 0.2 0:00 0 top1 root 15 0 492 456 432 S 0.0 0.0 0:08 0 init3 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 keventdCNT 4603Summer 2009 Daemons and Other ProcessesWhat Unix/Linux system administratorssee - lsof[root@localhost root]# lsof # heavily redacted to fit on pageCOMMAND PID USER NODE NAMEsendmail 20824 root 159526 /lib/libcrypt-2.3.2.sosendmail 20824 root 159568 /lib/libcrypto.so.0.9.7asendmail 20824 root 319023 /usr/lib/libldap.so.2.0.17sendmail 20824 root 32286 /usr/lib/sasl/libcrammd5.so.1.0.19sendmail 20824 root 32104 /usr/kerberos/lib/libk5crypto.so.3.0sendmail 20824 root 32095 /lib/tls/libdb-4.2.soCNT 4603Summer 2009 Daemons and Other ProcessesWhat system administrators see - lsofsendmail 20824 root 318943 /usr/lib/libz.so.1.1.4sendmail 20824 root 65611 /dev/nullsendmail 20824 root TCP anothermachine.com:smtp->10.1.1.20:sendmail 20824 root 65611 /dev/nullsendmail 20824 root 16220 socketsendmail 20824 root TCP anothermachine.com:smtp->10.1.1.20:sendmail 20824 root TCP localhost.localdomain:48512->localhsendmail 20824 root TCP anothermachine.com:smtp->10.1.1.20:CNT 4603Summer 2009 Daemons and Other ProcessesProcesses and Daemons : fork(2)andclone(2)+ Fundamentally, kernels provide some logical constructsthat mediate access to either real or virtual resources.The two most important in Unix are processes andfilesystems.+ A new process is created by fork(2); or, alternatively,in Linux with clone(2)since processes and threads areboth just task struct in Linux.CNT 4603Summer 2009 Daemons and Other ProcessesProcesses and Daemons : fork(2)andclone(2)+ With clone(2), memory, file descriptors and signalhandlers are still shared between parent and child.+ With fork(2), these are copied, not shared.CNT 4603Summer 2009 Daemons and Other ProcessesStarting a Unix/Linux process+ exec*()instantiates a new executable:ó Usually, when doing an exec*()the named file isloaded into the current process’s memory spaceCNT 4603Summer 2009 Daemons and Other ProcessesStarting a Unix/Linux processó Unless the first two characters of the file are #! andthe following characters name a valid pathname to anexecutable file, in which that file is instead loadedó If the executable is dynamically linked, then thedynamic loader maps in the necessary bits (not doneif the binary is statically linked.)CNT 4603Summer 2009 Daemons and Other ProcessesStarting a Unix/Linux processó Then code in the initial “.text” section is thenexecuted. (There are three main types of sections:“.text” sections for executable code, “.data” sections(including read-only “.rodata” sections), and “.bss”sections (Blocks Started by Symbol) which contains“uninitialized” data.CNT 4603Summer 2009 Daemons and Other ProcessesSome Typical Assembly Code.file "syslog.c" ; the file name this originated in.data ; a data section.align 4 ; put PC on 4 (or 16) byte alignment.type LogFile,@object ; create a reference of type object.size LogFile,4 ; and give it 4 bytes in sizeCNT 4603Summer 2009 Daemons and Other ProcessesSome Typical Assembly CodeLogFile: ; address for object.long -1 ; initialize to a value of -1.align 4 ; align . to 4 (16) byte.type LogStat,@object ; a new object reference is created.size LogStat,4 ; give it 4 bytes alsoLogStat: ; here’s its address in memory.long 0 ; and initialized it to a value zero.section .rodata ; here’s a ‘‘read-only’’ sectionCNT 4603Summer 2009 Daemons and Other ProcessesSome Typical Assembly Code.LC0: ; local label for a string.string "syslog" ; initialized to "syslog"[ ... ].text ; now we have some executable code.globl syslog ; and it iss a global symbol for.type syslog,@function ; a function syslog()CNT 4603Summer 2009 Daemons and Other ProcessesSome Typical Assembly Codesyslog:pushl %ebp ; and away we go...movl %esp, %ebpsubl $8, %espCNT 4603Summer 2009 Daemons and Other ProcessesDaemon processes+ When we refer to a daemon process, we are referringto a process with these characteristics:ó Generally persistent (though it may spawn temporaryhelper processes like xinetd does)CNT 4603Summer 2009 Daemons and Other ProcessesDaemon processesó No controlling terminal (and the
View Full Document
Unlocking...