Can os.path return a file that needs root access?

364 views Asked by At

I am trying to test if python can access a core file on a Mac. The file I have used as an example is one of the bpf file's (the reason I use a plural files is because it will take on the form bpf0, bpf1, bpf2, etc..). I know for a fact that the file exists. In fact, I know a program that accesses it and opens it, the airport file. Which is basically a program that will test wifi channels and puts your wifi card into monitor mode. When I run it along dtrace, to see what happens I get this as a return:

 8747/0x8431b:  open("/dev/bpf\\0", 0x2, 0xFFFFFFFFFFFFFFFF)         = -1 Err#2\
 8747/0x8431b:  open("/dev/bpf\\0", 0x0, 0xFFFFFFFFFFFFFFFF)         = -1 Err#2\
 8747/0x8431b:  open("/dev/bpf0\\0", 0x2, 0x2)       = -1 Err#16\
 8747/0x8431b:  open("/dev/bpf1\\0", 0x2, 0x2)       = -1 Err#16\
 8747/0x8431b:  open("/dev/bpf2\\0", 0x2, 0x2)       = 4 0\

So bpf was tried to be opened twice, both returned -1 with an error code of #2 bpf0 was tried to be opened but returned an error -1 with an error code #16 bpf1 was tried to be opened but returned an error -1 with an error code #16 bpf2 was successfully opened, and was assigned the value of 4, therefore the offset was 0x4

Things that were then done with this file:

 8747/0x8431b:  ioctl(0x4, 0x40044271, 0x7FFEEE9DAF10)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0xC004427F, 0x7FEEAD008590)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x40044266, 0x7FFEEE9DAF1C)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0xC0044266, 0x7FFEEE9DAF1C)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x8020426C, 0x7FFEEE9DB420)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x4004426A, 0x7FFEEE9DAF1C)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0xC00C4279, 0x7FFEEE9DAEF0)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0xC00C4279, 0x7FFEEE9DAEF0)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x80044275, 0x7FFEEE9DAF08)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x20004269, 0x0)      = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x40044266, 0x7FFEEE9DAF1C)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x80104267, 0x7FFEEE9DAEE0)       = 0 0\
 8747/0x8431b:  ioctl(0x4, 0x80044278, 0x7FFEEE9DB4AC)       = 0 0\

Which basically means with being in a sudo "state", the file is accessable. When I run the os.webcrawler through the /dev/ folder, it also returns that the file is there:

for root, dirs, files in os.walk("/dev"):
     for filename in files:
         if filename.startswith('bpf'):
              print('there')
              print(filename)

This code will then outputs this:

there
bpf0
there
bpf1
there
bpf2
there
bpf3
there
bpf4
there
bpf5

However, if i run the command os.path.isfile('/dev/bpf3') or any of the numbers it always comes up false. I even went to the dev location in the command line and used the ls command and it came up. Even if I start python in the command line at /dev as sudo with the command sudo python3 and type os.path.isfile('/dev/bpf3') it comes up false. Or, if I try to copy the file with the module shutil.copyfile('/dev/bpf4', 'bpf4') it comes up with the error OSError: [Errno 22] Invalid argument. What am I doing wrong? Am I supposed to try and access the bpf file without any numbers first like airport does, but that would just make no sense.

1

There are 1 answers

0
Sam Moldenha On

As one of the comments mentioned, This Link worked for me

Specifically this function within the post:

def exists(path):
    """Test whether a path exists.  Returns False for broken symbolic links"""
    try:
        os.stat(path)
    except OSError:
        return False
    return True

~from JVDM

I am still unsure how I would copy over the file and I would be able to examine it. If someone knows please let me know. If I find that answer I will post it.