can a process modify these proc filesystem informations?

From: Martin MAURER (
Date: Wed Jun 11 2003 - 04:06:35 EST

Hi all,

Please CC me in your replies. (not subscribed to the list)

I am developping a firewall application[1], that filters connections
(besides other informations) on the process which is sending/receiving
the packets. To get the corresponding process name I use the following
1.) i get the ip/port from ip_queue
2.) i search for the inode in /proc/sys/tcp[udp]
3.) i search in /proc/xxx/fd/ for the inode
4.) i get the executeable name by examining /proc/xxx/fd/exe
xxx being all pids in /proc

I just wanted to know if it is possible for a non-root process to
- /proc/PID/exe
- /proc/PID/fd
- /proc/sys/tcp

ie: Is the infomation I get this way reliable or can it be faked.

Martin Maurer


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun Jun 15 2003 - 22:00:27 EST