DF-0015 / run.log
running as uid=1001 (./leak_pathname); self pid=1855; target pid=1 (not ours)
kern.ps_argsopen = 0
=== exe-path leak via kern.proc.pathname.<target> ===
kern.proc.pathname .1 : rc=0 len= 11 '/sbin/init'
=== contrast: gated siblings on the same target ===
kern.proc.args .1 : rc=0 len=0 (blocked/empty)
kern.proc.cwd .1 : rc=0 len=0 (blocked/empty)
=== self control (we own self) ===
kern.proc.pathname .1855 : rc=0 len= 37 '/home/maxx/poc/DF-0015/leak_pathname'
=== several other root-owned daemons ===
kern.proc.pathname .1 : rc=0 len= 11 '/sbin/init'
kern.proc.pathname .68 : rc=0 len= 14 '/sbin/hammer2'
kern.proc.pathname .285 : rc=0 len= 15 '/sbin/dhclient'
kern.proc.pathname .328 : rc=0 len= 11 '/sbin/devd'
kern.proc.pathname .411 : rc=0 len= 18 '/usr/sbin/syslogd'
kern.proc.pathname .699 : rc=0 len= 15 '/usr/sbin/sshd'
kern.proc.pathname .730 : rc=0 len= 15 '/usr/sbin/cron'
INTERPRETATION:
- pathname.<target> returns a path -> exe path of a process we
do NOT own is leaked to us.
- If ps_argsopen==0 and args/cwd are blocked while pathname is
NOT, then pathname is the un-gated sibling -> DF-0015 reproduced.
RUN_EXIT=0