Re: /prod/PID-related proc fs question

From: Richard B. Johnson (root@chaos.analogic.com)
Date: Wed Nov 06 2002 - 14:48:58 EST


On Wed, 6 Nov 2002, Calin A. Culianu wrote:

>
> I just noticed something today that I found odd and I know there must be a
> good reason for it, but I can't think of what it might be..
>
> Basically if I am listing the contents of a /proc/PID directory, it seems
> that the cwd, exe, and root (symlink) entries are invalid unless the
> process corresponding to PID is a process owned by me, or I am root. Why
> is this?
>
> Is this feature security related?
>
> If so I can't really think of any security issues that would arise from
> having that information as a non-priviledged user.
>
> It would seem reasonable to me that users seeing each other's
> /prod/PID/root and /proc/PID/exe symlinks isn't really much of a security
> vulnerability.. Plus it would make possible a non-root user to grab
> statistics on the most popular running binaries, the number of chrooted
> processes.. etc.. probably trivial statistics but it still would be nice
> to see if any other instance of an application is running (unless there
> already is another mechanism for this that I am unaware of).
>
> Anyway any answers appreciated...
>
> -Calin

Well you know that you can send a "secret" message
from one task to another using Morse code?

As a trivial example, I could use a lot of CPU time
for a second:
     while(time(NULL) == saved)
            ;

I could call this a "dash".

Then I could use a tiny bit and call it a "dot":
    sleep(1);

I could then use a little bit and call it a space:
    while(time(NULL) == saved)
        usleep(1);

If another task knew this, and could have access to my
task's CPU time statistics, I could send messages through
an "undocumented" or "rogue" channel.

This may seem dumb, and the example is, however there
are commercial systems out there where you don't want any
undocumented communications paths between tasks. They
might be performing stock transactions for competing
clients, etc. A back-door communications path could
be used to steal. So, it might not be a good idea to give
away information that another task doesn't have a "need-to-know".

Cheers,
Dick Johnson
Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips).
   Bush : The Fourth Reich of America

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:45 EST