seteuid and /proc/<pid>/exe

From: Larrosa, Antonio
Date: Thu Jan 10 2013 - 13:01:00 EST


Hello,

I have a user with uid=1000 that runs a process, let's say with pid 42.

If I do a readlink on /proc/42/exe from another process run by that same user,
it reads the link correctly.
If root calls readlink on that same link, it works correctly.

The problem is that I have another process that is run by root, and then calls
seteuid(1000). When it tries to read that link, it fails with "permission denied".
I could just seteuid(0), read the link and seteuid(1000) again
(I checked it and it works) but I wonder if that's really the expected behaviour.

If any of the effective, real and saved uid of the process have permissions to read the link,
is it expected that only because they're different, then the permission is denied?

Thanks,

--
Antonio Larrosa