Re: PROBLEM?: "permission denied" when accessing /proc/self/fd/*after setuid

From: Daryl Tester
Date: Thu Aug 07 2008 - 22:25:32 EST

Next message: Andi Kleen: "Re: [ANNOUNCE] Merkey's Kernel Debugger"
Previous message: Parag Warudkar: "Re: [ANNOUNCE] mdb-2.6.27-rc2-ia32-08-07-08.patch"
In reply to: Alexey Dobriyan: "Re: PROBLEM?: "permission denied" when accessing /proc/self/fd/*after setuid"
Next in thread: Daryl Tester: "Re: PROBLEM?: "permission denied" when accessing /proc/self/fd/*after setuid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexey Dobriyan wrote:

Something similar was fixed in 2.6.22, but let me check.

You're right - from <http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22>:

commit 8948e11f450e6189a79e47d6051c3d5a0b98e3f3
Author: Alexey Dobriyan <adobriyan@xxxxxxxxxx>
Date: Tue May 8 00:23:35 2007 -0700

Allow access to /proc/$PID/fd after setuid()

/proc/$PID/fd has r-x------ permissions, so if process does setuid(), it
will not be able to access /proc/*/fd/. This breaks fstatat() emulation
in glibc.

open("foo", O_RDONLY|O_DIRECTORY) = 4
setuid32(65534) = 0
stat64("/proc/self/fd/4/bar", 0xbfafb298) = -1 EACCES (Permission denied)

However, one of the kernels I tried this on (and failed) was a 2.6.24-19 -
is it possible this patch was backed out?

Cheers,
--dt

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [ANNOUNCE] Merkey's Kernel Debugger"
Previous message: Parag Warudkar: "Re: [ANNOUNCE] mdb-2.6.27-rc2-ia32-08-07-08.patch"
In reply to: Alexey Dobriyan: "Re: PROBLEM?: "permission denied" when accessing /proc/self/fd/*after setuid"
Next in thread: Daryl Tester: "Re: PROBLEM?: "permission denied" when accessing /proc/self/fd/*after setuid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]