Dumpable tasks and ownership of /proc/*/fd

From: Petr Baudis
Date: Sat Apr 08 2006 - 08:15:50 EST

Next message: legal_agent: "REPRESENTATIVE NEEDED"
Previous message: Sam Ravnborg: "Re: [patch] ipv4: initialize arp_tbl rw lock"
Next in thread: Eric W. Biederman: "Re: Dumpable tasks and ownership of /proc/*/fd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I would like to ask why is /proc/*/fd owned by root when the task is
not dumpable - what security concern does it address? It would seem more
reasonable to me if the /proc/*/fd owner would be simply always the real
uid of the process.

The issue is that now all tasks calling setuid() from root to non-root
during their lifetime will not be able to access their /proc/self/fd.
This is troublesome because the fstatat() and other *at() routines are
emulated by accessing /proc/self/fd/*/path and that will break with
setuid()ing programs, leading to various weird consequences (e.g. with
the latest glibc, nftw() does not work with setuid()ing programs and
furthermore causes the LSB testsuite to fail because of this, etc.).

Thanks,

--
Petr "Pasky" Baudis
Stuff: http://pasky.or.cz/
Right now I am having amnesia and deja-vu at the same time. I think
I have forgotten this before.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: legal_agent: "REPRESENTATIVE NEEDED"
Previous message: Sam Ravnborg: "Re: [patch] ipv4: initialize arp_tbl rw lock"
Next in thread: Eric W. Biederman: "Re: Dumpable tasks and ownership of /proc/*/fd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]