path: root/Examples/statsnoop_example.txt
The following is an example of the statsnoop tool.


statsnoop is a companion to opensnoop; it traces a variety of stat()
calls rather than open() calls.

Here I run statsnoop on my idle laptop for about 3 seconds,

   # statsnoop 
     UID    PID COMM          FD PATH                 
       0   1485 dtrace         0 /devices/pseudo/pts@0:6 
     100    791 dtwm          -1 /usr/mail/brendan    
     100    791 dtwm          -1 /usr/mail/brendan    
     100    791 dtwm          -1 /usr/mail/brendan    
     100    791 dtwm          -1 /usr/mail/brendan    
     100    795 sdtperfmeter   0 /devices/pseudo/mm@0:null 
       0    803 rpc.rstatd     0 /devices/pseudo/udp@0:udp 
       0    803 rpc.rstatd     0 /devices/pseudo/udp@0:udp 
     100    795 sdtperfmeter   0 /devices/pseudo/mm@0:null 
     100    791 dtwm           0 /export/home/brendan/.dt/Trash/.trashinfo 
     100    791 dtwm           0 /export/home/brendan/.dt/Trash/.trashinfo 
     100    791 dtwm           0 /devices/pseudo/mm@0:null 
     100    783 ttsession      0 /devices/pseudo/pts@0:3 
     100    783 ttsession      0 /devices/pseudo/pts@0:3 
     100    783 ttsession      0 /devices/pseudo/pts@0:3 
     100    791 dtwm           0 /devices/pseudo/mm@0:null 
     100    783 ttsession      0 /devices/pseudo/pts@0:3 
     100    783 ttsession      0 /devices/pseudo/pts@0:3 
     100    791 dtwm           0 /devices/pseudo/mm@0:null 
     100    791 dtwm           0 /devices/pseudo/mm@0:null 
     100    792 dtfile         0 /devices/pseudo/mm@0:null 
     100    783 ttsession      0 /devices/pseudo/pts@0:3 
   ^C

It is interesting what turns up. In the above output, a "dtwm" process
with process ID 791 called stat on /usr/mail/brendan and received -1 as
a return value (shown in the FD column), as this file does not exist.
(When were mailboxes ever stored in /usr/mail??)


statsnoop has a variety of options, as opensnoop does. Here I trace stat()s
from processes called "bash", while a new bash shell is executed,

   # statsnoop -n bash
     UID    PID COMM          FD PATH                 
     100   1493 bash           0 /usr/bin/bash        
     100   1493 bash           0 /devices/pseudo/pts@0:8 
     100   1493 bash           0 /lib/libcurses.so.1  
     100   1493 bash           0 /lib/libsocket.so.1  
     100   1493 bash           0 /lib/libnsl.so.1     
     100   1493 bash           0 /lib/libdl.so.1      
     100   1493 bash           0 /lib/libc.so.1       
     100   1493 bash           0 /devices/pseudo/pts@0:8 
     100   1493 bash           0 /devices/pseudo/pts@0:8 
     100   1493 bash           0 /export/home/brendan 
     100   1493 bash           0 .                    
     100   1493 bash           0 /export/home/brendan/.bashrc 
     100   1493 bash          -1 /usr/mail/brendan    
     100   1493 bash           0 /export/home/brendan/.bash_history 
     100   1493 bash           0 /export/home/brendan/.bash_history 
     100   1493 bash           0 /export/home/brendan/.bash_history 
     100   1493 bash          -1 /export/home/brendan/.inputrc 
     100   1493 bash           0 .                    
   ^C

bash also checked /usr/mail/brendan? hmm...

   $ echo $MAIL 
   /usr/mail/brendan

hmmmmm...

   $ cat .profile
   #       This is the default standard profile provided to a user.
   #       They are expected to edit it to meet their own needs.
   
   MAIL=/usr/mail/${LOGNAME:?}

huh?

   $ cat /etc/skel/.profile 
   #       This is the default standard profile provided to a user.
   #       They are expected to edit it to meet their own needs.
   
   MAIL=/usr/mail/${LOGNAME:?}

   $ cat /var/sadm/pkg/SUNWcsr/save/pspool/SUNWcsr/reloc/etc/skel/.profile
   #       This is the default standard profile provided to a user.
   #       They are expected to edit it to meet their own needs.
   
   MAIL=/usr/mail/${LOGNAME:?}

oh.
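
Picking the -1 rows out of a longer trace by eye gets tedious. The following is an added example (not part of the DTraceToolkit) that summarises failed stat() calls per process and path from statsnoop's default output; the function names are hypothetical and the sample rows are constructed by copying rows from the two traces above.

```shell
#!/bin/sh
# Added example, not part of the DTraceToolkit.
# Summarise failed stat() calls from statsnoop's default output
# (columns: UID PID COMM FD PATH; FD holds the return value, -1 = failure).
# Assumption: COMM has no whitespace. PATH may contain spaces, so it is
# rebuilt from field 5 onward (runs of spaces collapse to one).

failed_stats() {
    awk '
        # Skip the header, the ^C line and blank lines: data rows start
        # with a numeric UID and PID and have at least five fields.
        NF < 5 || $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { next }
        $4 == "-1" {
            path = $5
            for (i = 6; i <= NF; i++) path = path " " $i
            count[$3 "\t" $2 "\t" path]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2 -k4,4
}

# Constructed sample: rows copied from the two traces shown above.
sample_trace() {
    cat <<'EOF'
     UID    PID COMM          FD PATH
     100    791 dtwm          -1 /usr/mail/brendan
     100    791 dtwm          -1 /usr/mail/brendan
     100    791 dtwm          -1 /usr/mail/brendan
     100    791 dtwm          -1 /usr/mail/brendan
     100    795 sdtperfmeter   0 /devices/pseudo/mm@0:null
     100   1493 bash           0 /export/home/brendan/.bashrc
     100   1493 bash          -1 /usr/mail/brendan
     100   1493 bash          -1 /export/home/brendan/.inputrc
   ^C
EOF
}

# Output columns (tab-separated): failures, COMM, PID, PATH
sample_trace | failed_stats
```

On a live system the same function can read the tool's output directly, for example by piping statsnoop into failed_stats and interrupting the trace with Ctrl-C.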