How do you know what a Linux program will do without really executing it?

Published on December 08, 2017

How do you know what a Linux program will do without really executing it?

Original author: SK
  • Transfer
Have you ever wanted to know what kind of actions a Linux command will perform, even before calling this command? Suppose you are an experienced user and you know how many teams behave. But even you can’t know how absolutely everything works. Of course, the Explainshell web service can provide some help in figuring out details about commands . To do this, you will need to copy and paste the command you are interested in, after which you will find a detailed description of how each part of it works. However, this is not our method. Thanks to the tool that we are going to talk about now, you can find out exactly how a certain program works directly from the command line. Meet the maybe utility



- A simple tool that allows you to explore the team and find out, in all details, exactly how they will interact with the computer file system when they are actually used. In this case, the studied program or team, in test mode, does not have any effect on the system. You yourself, having read the report on it, decide whether to run it for real or not.

How does maybe work?


The developer of the program tells the following about it: “Maybe runs processes under ptrace control using the python-ptrace library. When a program intercepts a system call, which leads to changes in the file system, it writes this call to the log, then modifies the processor registers in order to redirect the call to an invalid system call ID (that is, essentially turning this call into an empty operation) . Further, it sets the value that this empty operation returns so that it indicates the successful completion of the original call. As a result, the process is convinced that everything that he is trying to do is really happening, while in reality nothing is happening. ”

It is worth noting here that great care should be taken when using maybe in any systems whose failure can lead to serious consequences. The fact is that this utility still does not block a lot of system calls, as a result, its use can lead to computer malfunctions.

Maybe installation


Before installing maybe, check if the package manager is installed on your system pip. If this is not the case, below are the instructions for installing pipon various Linux distributions.

In Arch Linux and other systems built on the basis of this distribution, such as Antergos and Manjaro Linux, pipyou can install this:

sudo pacman -S python-pip

In RHEL and CentOS, the following sequence of commands will help you:

sudo yum install epel-release
sudo yum install python-pip

In Fedora, this can be done like this:

sudo dnf install epel-release
sudo dnf install python-p

Here is the appropriate command for Debian, Ubuntu, and Linux Mint:

sudo apt-get install python-pip

On SUSE and OpenSUSE, use the following command:

sudo zypper install python-pip

After installation, pipinstall maybe:

sudo pip install maybe

Work with maybe


Using is maybevery simple. Just add maybebefore the team you want to research. Here's what it looks like:

$ maybe rm -r ostechnix/

As you can see, I’m going to delete the folder ostechnixand want to know what will happen on my system if the above command is executed. Here is what reports this maybe:

maybe has prevented rm -r ostechnix/ from performing 5 file system operations:
 delete /home/sk/inboxer-0.4.0-x86_64.AppImage
 delete /home/sk/Docker.pdf
 delete /home/sk/Idhayathai Oru Nodi.mp3
 delete /home/sk/dThmLbB334_1398236878432.jpg
 delete /home/sk/ostechnix
Do you want to rerun rm -r ostechnix/ and permit these operations? [y/N] y



It turned out that the team rm -r ostechnix/would perform 5 operations with the file system, which was reported maybe. Now I can decide whether I need to perform these operations or not. To me, this is just a great opportunity.

Here is another example. I want to install Inboxer , a desktop client for Gmail. Here's what I found out about the corresponding operation with maybe:

$ maybe ./inboxer-0.4.0-x86_64.AppImage 
fuse: bad mount point `/tmp/.mount_inboxemDzuGV': No such file or directory
squashfuse 0.1.100 (c) 2012 Dave Vasilevsky
Usage: /home/sk/Downloads/inboxer-0.4.0-x86_64.AppImage [options] ARCHIVE MOUNTPOINT
FUSE options:
 -d -o debug enable debug output (implies -f)
 -f foreground operation
 -s disable multi-threaded operation
open dir error: No such file or directory
maybe has prevented ./inboxer-0.4.0-x86_64.AppImage from performing 1 file system operations:
create directory /tmp/.mount_inboxemDzuGV
Do you want to rerun ./inboxer-0.4.0-x86_64.AppImage and permit these operations? [y/N]

If during the investigation of a certain command it is not possible to detect operations with the file system, it maybewill output something similar to this:

$ maybe sudo pacman -Syu
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

Then I tried to investigate the update command of my Arch Linux, and maybedid not detect file system operations and did not display any messages about such operations.

Summary


As you can see, everything is simple and clear. I maybereally liked the team , this is exactly what I was looking for some time. Now I can easily find out what a team or program will do before it actually launches. I hope maybeyou come in handy.

Dear readers! What use cases can you see? The material mentions that maybe - a utility that is not yet quite ready for use on critical systems. Do you know something similar, but suitable for running on such systems?