Re: Dumpable tasks and ownership of /proc/*/fd

From: Petr Baudis
Date: Tue Apr 11 2006 - 09:42:58 EST


Dear diary, on Mon, Apr 10, 2006 at 09:42:03AM CEST, I got a letter
where "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> said that...
> The most straight forward is:
> int openat(int dirfd, const char *path, int flags, int mode)
> {
> int orig_dir_fd;
> int result;
> lock()
> orig_dir_fd = open(".");
> fchdir(dirfd);
> result = open(relpath);
> fchdir(orig_dir_fd);
> close(orig_dir_fd);
> unlock();
> return result;
> }
>
> I suspect something like the above needs to be considered if
> you want the emulation to work on old kernels, in the presence
> of suid applications.
>
..snip..
>
> Although I guess you could attempt to use /proc/self/fd/<n>
> and if that gets a permission problem try a slower but more
> reliable path in the emulation.

Oops, I completely forgot about fchdir(). Thanks, I think I will use
something like this for now.


By the way, I would like to return to a statement from your previous
mail:

> Other processes we do need to deny if we aren't dumpable because
> they don't have another way to get that information.

I still don't understand this - so why don't provide them _this_ way to
get that information? What is the security risk?

--
Petr "Pasky" Baudis
Stuff: http://pasky.or.cz/
Right now I am having amnesia and deja-vu at the same time. I think
I have forgotten this before.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/