[PATCH v3] Allow access to /proc/$PID/fd after setuid()

From: Alexey Dobriyan
Date: Fri Feb 09 2007 - 10:03:40 EST

Next message: Rusty Russell: "[PATCH 1 of 7] lguest: Move mce_disabled to asm/mce.h so lguestcan use it."
Previous message: Thomas Gleixner: "Re: -mm merge plans for 2.6.21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

/proc/$PID/fd has r-x------ permissions, so if process does setuid(), it
will not be able to access /proc/*/fd/. This breaks fstatat() emulation
in glibc.

open("foo", O_RDONLY|O_DIRECTORY) = 4
setuid32(65534) = 0
stat64("/proc/self/fd/4/bar", 0xbfafb298) = -1 EACCES (Permission denied)

Comments and suggestions from Andrew Morton and Oleg Nesterov.

Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxxx>
---

fs/proc/base.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)

--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1414,10 +1414,28 @@ static struct file_operations proc_fd_op
};

/*
+ * /proc/pid/fd needs a special permission handler so that a process can still
+ * access /proc/self/fd after it has executed a setuid().
+ */
+static int proc_fd_permission(struct inode *inode, int mask,
+ struct nameidata *nd)
+{
+ int rv;
+
+ rv = generic_permission(inode, mask, NULL);
+ if (rv == 0)
+ return 0;
+ if (task_pid(current) == proc_pid(inode))
+ rv = 0;
+ return rv;
+}
+
+/*
* proc directories can do almost nothing..
*/
static struct inode_operations proc_fd_inode_operations = {
.lookup = proc_lookupfd,
+ .permission = proc_fd_permission,
.setattr = proc_setattr,
};

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rusty Russell: "[PATCH 1 of 7] lguest: Move mce_disabled to asm/mce.h so lguestcan use it."
Previous message: Thomas Gleixner: "Re: -mm merge plans for 2.6.21"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]