Re: 2.6.13: can kill X server but readlink of /proc/<pid>/exe et. al. says EACCES. feature?

From: Frank van Maarseveen
Date: Tue Sep 06 2005 - 13:51:00 EST


On Tue, Sep 06, 2005 at 06:57:37PM +0100, viro@xxxxxxxxxxxxxxxxxx wrote:
> On Tue, Sep 06, 2005 at 07:53:49PM +0200, Frank van Maarseveen wrote:
> > While I have access to /proc/<pid>, readlink fails with EACCES on
> >
> > /proc/<pid>/exe
> > /proc/<pid>/cwd
> > /proc/<pid>/root
> >
> > even when I own <pid> though it runs with a different effective/saved/fs
> > uid such as the X server. This is a bit uncomfortable and doesn't
> > seem right.
> >
> > Or is this to make /proc mounting inside a chroot jail safe?
>
> suid-root task does chdir() to place you shouldn't be able to access.
> You do cd /proc/<pid>/cwd and get there anyway. Bad Things Happen...

Ok, but being able to do readlink() does not mean that one can chdir(),
usually.

--
Frank
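
The distinction drawn in this exchange, as an added example that is not part of the original thread: on a process's own /proc/self/cwd, readlink() only yields the path text, while following the link reaches the directory even when the path text can no longer be walked. It assumes Linux with /proc mounted and a writable /tmp; try_readlink, try_follow and demo are illustrative names, and open() with O_DIRECTORY stands in for chdir() so the caller's cwd is left alone.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* readlink() only reports where the link points. Returns 0 or errno. */
int try_readlink(const char *link, char *out, size_t n) {
    ssize_t r = readlink(link, out, n - 1);
    out[r < 0 ? 0 : r] = '\0';
    return r < 0 ? errno : 0;
}

/* Opening as a directory resolves the path the way chdir() would. */
int try_follow(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd >= 0) close(fd);
    return fd < 0 ? errno : 0;
}

/* Constructed scenario on our own process: cwd sits below a directory that is
 * then set to mode 0. res[0] = readlink of /proc/self/cwd, res[1] = follow the
 * returned path text, res[2] = follow the /proc link. Returns 0 if setup worked. */
int demo(int res[3], char *target, size_t n) {
    char base[] = "/tmp/proccwd.XXXXXX", inner[64];
    int home = open(".", O_RDONLY | O_DIRECTORY);
    if (home < 0 || !mkdtemp(base)) return -1;
    snprintf(inner, sizeof inner, "%s/inner", base);
    if (mkdir(inner, 0700) || chdir(inner) || chmod(base, 0)) return -1;
    res[0] = try_readlink("/proc/self/cwd", target, n);
    res[1] = try_follow(target);           /* walks through base: EACCES unless privileged */
    res[2] = try_follow("/proc/self/cwd"); /* jumps straight to the directory */
    int back = chmod(base, 0700) || fchdir(home); /* restore mode and cwd */
    close(home);
    rmdir(inner); rmdir(base);
    return back ? -1 : 0;
}

int main(void) {
    int r[3]; char t[4096];
    if (demo(r, t, sizeof t)) { perror("setup"); return 1; }
    printf("readlink /proc/self/cwd: %s -> %s\n", strerror(r[0]), t);
    printf("open(path text):         %s\n", strerror(r[1]));
    printf("open(/proc/self/cwd):    %s\n", strerror(r[2]));
    return 0;
}
```

Run as an unprivileged user, the second line reports a permission error and the third reports success.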