On Tue, Jul 09, 2019 at 11:16:24PM +0200, ropers wrote:
> On 09/07/2019, Stuart Henderson <[email protected]> wrote:
> > The lsof port didn't display filenames. That information is not
> > available on OpenBSD (and is not trustworthy on other OS either;
> > files could have been moved/replaced since opening).
>
> Interesting. Thanks.
> Is the (un)availability of filename info a feature of the filesystem
> (ext2/3/etc vs FFS) or of the OS?
> Are there security implications to this info being available/unavailable?
This information is actually meaningless, on *any* Unix-like OS.
You've got data on the disk. That data is accessible through a file
descriptor. That file descriptor may or may not correspond to a file name.
The following is perfectly okay in unix:
fd = open("/tmp/myfile", O_RDWR|O_CREAT|OTRUNC, 0666);
unlink("/tmp/myfile");
there. You've got a fd with no name attached to it.
similarly:
fd = open("/tmp/myfile", O_RDWR|O_CREAT|OTRUNC, 0666);
rename("/tmp/myfile", "/tmp/myfile2");
there. What's the fd name ?
or
fd = open("/tmp/myfile", O_RDWR|O_CREAT|OTRUNC, 0666);
link("/tmp/myfile", "/tmp/myfile2");
do you return myfile or myfile2 ?
you could keep some correspondence between fds and file names, but it
might get out of date, or be meaningless.
You've got this one feature: fstat(2) will give you
dev_t st_dev; /* inode's device */
ino_t st_ino; /* inode's number */
from which you could walk the device and retrieve things
(and actually it's very useful to uniquely identify files on a system)
And also, there's no guarantee that what information you determine will
be valid for any amount of time, as files may be renamed.
Guess what ? This is exactly the info fstat(1) displays. And not more,
with the exact same caveats in its manpage, though in terser fashion.
