get_cpu_times()/get_memory_info() to return child process result without sudo

[giampaolo]

From g.willgo...@telluricresearch.com on February 28, 2012 23:53:58

Proposal  
Currently on OSX get_cpu_times() and get_memory_info() crash unless you are 
running under sudo even if the process is a child process of the one making the 
request. This means that the only way to monitor the cpu/memory usage of a 
child is through parsing the output from the OS's ps command ... defeating the 
purpose of using psutil in the first place. Requiring the code to run using 
sudo is a security risk. 

On what platforms would this be available?  
OSX 

Proposed API  
No change. 

Are there existent implementations we can use as an example?  
Other platforms seem to work OK. Please provide any additional information below.

Original issue: http://code.google.com/p/psutil/issues/detail?id=255

[giampaolo]

From jlo...@gmail.com on February 28, 2012 15:26:49

1) It doesn't crash (at least I have not seen it do so nor had it reported as 
such in the issue tracker), it throws an AccessDenied exception, which is 
correct behavior since the behavior is caused by  the OS X security model 
preventing access to reading another process's information. 

2) We've looked into this several times, and there simply isn't a viable 
workaround for this other than running the script with root privileges. The way 
OS X's security model is designed prevents one application from reading 
another's process space, even if they are run by the same user. The only way 
around that is to run as root, or to explicitly create a cert to authorize a 
one process to access another.

I investigated this previously for psutil and because Python is an interpreter, 
that would require you authorize the Python interpreter process (*not* your 
script) to access process information, which is cumbersome and a security issue 
that's even less desirable to my mind than explicitly allowing a given Python 
script to run as root with sudo. 

If you're wondering - the reason "ps", "top" and Activity Monitor binaries work 
on OS X when run as a non-privileges user is because they are setuid, i.e. they 
run as root when invoked. If you were so inclined, you could of course make 
Python's interpreter run setuid also but that has obvious negative security 
repercussions.

If there is a workaround that will allow us to bypass this security constraint 
of OS X in a reasonable way, we'd love to know about it but as of right now 
there does not appear to be any way to do so that is more palatable than using sudo.

Status: WontFix

[giampaolo]

From g.willgo...@telluricresearch.com on February 28, 2012 15:45:24

This may seem like a stupid idea but as workaround on OSX why doesn't psutil 
run ps itself and parse the output of ps. I like the API of psutil and it would 
be nice if it worked across all platforms, even if the solution for OSX was 
less than ideal. I know the format of ps varies from platform to platform (it 
was while investigating that that I stumbled on psutil myself) but I suspect 
that across the various versions of OSX ps's output format would be the same.

====================================================================
Prof Garry Willgoose,
Director, Centre for Climate Impact Management (C2IM),
Head of Discipline, Discipline of Civil Surveying and Environmental Engineering,
School of Engineering, The University of Newcastle,
Callaghan, 2308
Australia.

C2IM webpage: www.c2im.org.au

Phone: (International) +61 2 4921 6050 (Tues-Thurs); +61 2 6545 9574 (Mon, Fri)
FAX: (International) +61 2 4921 6991
Env. Engg. Secretary: (International) +61 2 4921 6042

email:  garry.willgoose@newcastle.edu.au (uni); 
g.willgoose@telluricresearch.com (personal, consulting)
email-for-life: garry.willgoose@alum.mit.edu
personal webpage: www.telluricresearch.com/garry

[giampaolo]

From jlo...@gmail.com on February 29, 2012 10:58:26

We have previously looked at (and even used as temporary solutions) parsing 
command line process output but it's inelegant and surprisingly inconsistent & 
difficult to parse reliably. There are also performance issues compared to 
directly accessing system calls in C code. 

Ultimately, it's not a direction we're looking to go with the library, and ps 
does not provide access to all the information we provide in psutil anyway. 
Even if you're parsing "ps" output, it's still ultimately running as root, so I 
don't see it as being a worthwhile trade-off.