> However, process names from ps output are already sanitized by the kernel (limited to 15 chars, no shell metacharacters executed).
I'm not sure what this is referring to. You can easily create a binary named ' (single quote, a shell metacharacter) and it will show up in ps (and /proc/pid/cmdline and /proc/pid/status) as a single quote. If you name a binary with a control character, it will show up in ps as ? (a shell metacharacter), and in /proc/$pid/cmdline and /proc/$pid/status as the control character itself (I named a binary as the single ASCII character 7, bell, and catting /proc/$pid/{cmdline,status} plays the bell as interpreted by the terminal program).
Recent versions of ls display these directory entries quoted for select-and-paste ease as:
$ ls -l ? # used ? here to match both files that are a single character
-rwxr-xr-x 2 thwarted thwarted 1769980 Jul 23 19:53 ''$'\a'
-rwxr-xr-x 2 thwarted thwarted 1769980 Jul 23 19:53 "'"
This was with kernel 5.14 and procps-ng-3.3.17.
Formatted by ls, the ^G file can be given to xargs, and the terminal plays a bell, but the single quote filename cannot:
$ ls -1 /tmp/? | xargs -t -n 1 basename
basename '/tmp/'$'\a'
xargs: unmatched single quote; by default quotes are special to xargs unless you use the -0 option
Being able to null-byte delimit the input to xargs may make a difference here.
Anyway, you can't trust the content of what ps shows as the command line pointing to an actual existing binary. The command line isn't always absolute. The best way to find the binary is probably by examining where the symlink /proc/$pid/exe points to, and getting the basename off of that, but that is not guaranteed to be shell-safe either, so YMMV.
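An added example, not part of the comment above: a sketch that recreates the two filenames in a scratch directory and compares newline-delimited input to xargs with NUL-delimited input, then reads /proc/$pid/exe as data only. The function names and the sample files are constructed for illustration; it assumes Linux /proc and a find/xargs that support -print0 and -0.

```shell
#!/bin/sh
# Added illustration; the sample files are constructed, not taken from a real system.

# Create a scratch directory with one file named ' and one named BEL (ASCII 7).
make_samples() {
    dir=$(mktemp -d) || return 1
    : > "$dir/'"
    : > "$dir/$(printf '\a')"
    printf '%s\n' "$dir"
}

# Newline-delimited names: xargs applies its own quote parsing to each line,
# so the lone single quote makes it fail. Returns the exit status of xargs.
xargs_lines() {
    ls -1 "$1" | xargs -n 1 basename >/dev/null 2>&1
}

# NUL-delimited names: no quote or whitespace parsing, every name arrives intact.
# Prints how many names basename processed.
count_via_nul() {
    find "$1" -type f -print0 | xargs -0 -n 1 basename | wc -l | tr -d ' '
}

# Resolve the binary behind a PID from the /proc/$pid/exe symlink instead of
# the ps command line. The result is still untrusted text: keep it quoted and
# never pass it to eval or build a command string from it.
exe_name() {
    target=$(readlink "/proc/$1/exe") || return 1
    basename -- "$target"
}

# Demo run on the constructed directory.
d=$(make_samples)
if xargs_lines "$d"; then
    echo "newline-delimited: xargs accepted every name"
else
    echo "newline-delimited: xargs rejected the input"
fi
echo "NUL-delimited: $(count_via_nul "$d") names processed"
rm -rf "$d"
```
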