TerminalShell (Linux): always ignore pid1 (v2)

CarterLi · CarterLi · commit cb13d43a7acb · 2025-08-21T00:19:52.000+08:00
diff --git a/src/detection/terminalshell/terminalshell_linux.c b/src/detection/terminalshell/terminalshell_linux.c
@@ -31,7 +31,7 @@ static pid_t getShellInfo(FFShellResult* result, pid_t pid)
             userShellName = instance.state.platform.userShell.chars + index + 1;
     }
 
-    while (ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, &tty) == NULL)
+    while (pid > 1 && ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, &tty) == NULL)
     {
         if (!ffStrbufEqualS(&result->processName, userShellName))
         {
@@ -75,14 +75,14 @@ static pid_t getShellInfo(FFShellResult* result, pid_t pid)
         ffProcessGetInfoLinux(pid, &result->processName, &result->exe, &result->exeName, &result->exePath);
         break;
     }
-    return ppid;
+    return pid > 1 ? ppid : 0;
 }
 
 static pid_t getTerminalInfo(FFTerminalResult* result, pid_t pid)
 {
     pid_t ppid = 0;
 
-    while (ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, NULL) == NULL)
+    while (pid > 1 && ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, NULL) == NULL)
     {
         //Known shells
         if (
@@ -145,7 +145,7 @@ static pid_t getTerminalInfo(FFTerminalResult* result, pid_t pid)
         ffProcessGetInfoLinux(pid, &result->processName, &result->exe, &result->exeName, &result->exePath);
         break;
     }
-    return ppid;
+    return pid > 1 ? ppid : 0;
 }
 
 static bool getTerminalInfoByPidEnv(FFTerminalResult* result, const char* pidEnv)

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ static pid_t getShellInfo(FFShellResult* result, pid_t pid)`
`31`	`31`	`userShellName = instance.state.platform.userShell.chars + index + 1;`
`32`	`32`	`}`
`33`	`33`
`34`		`- while (ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, &tty) == NULL)`
	`34`	`+ while (pid > 1 && ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, &tty) == NULL)`
`35`	`35`	`{`
`36`	`36`	`if (!ffStrbufEqualS(&result->processName, userShellName))`
`37`	`37`	`{`
`@@ -75,14 +75,14 @@ static pid_t getShellInfo(FFShellResult* result, pid_t pid)`
`75`	`75`	`ffProcessGetInfoLinux(pid, &result->processName, &result->exe, &result->exeName, &result->exePath);`
`76`	`76`	`break;`
`77`	`77`	`}`
`78`		`- return ppid;`
	`78`	`+ return pid > 1 ? ppid : 0;`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`static pid_t getTerminalInfo(FFTerminalResult* result, pid_t pid)`
`82`	`82`	`{`
`83`	`83`	`pid_t ppid = 0;`
`84`	`84`
`85`		`- while (ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, NULL) == NULL)`
	`85`	`+ while (pid > 1 && ffProcessGetBasicInfoLinux(pid, &result->processName, &ppid, NULL) == NULL)`
`86`	`86`	`{`
`87`	`87`	`//Known shells`
`88`	`88`	`if (`
`@@ -145,7 +145,7 @@ static pid_t getTerminalInfo(FFTerminalResult* result, pid_t pid)`
`145`	`145`	`ffProcessGetInfoLinux(pid, &result->processName, &result->exe, &result->exeName, &result->exePath);`
`146`	`146`	`break;`
`147`	`147`	`}`
`148`		`- return ppid;`
	`148`	`+ return pid > 1 ? ppid : 0;`
`149`	`149`	`}`
`150`	`150`
`151`	`151`	`static bool getTerminalInfoByPidEnv(FFTerminalResult* result, const char* pidEnv)`