Re: Can access to /proc/$PID/exe be relaxed?

[Denys Vlasenko]

On Tue, Jul 21, 2009 at 6:52 PM, Lennart Poettering<mzxreary@xxxxxxxxxxx> wrote:
> Hi!
>
> Unless I am mistaken a process currently needs CAP_SYS_PTRACE to read
> /proc/$PID/exe for abritrary processes.

You mean "readlink'?

> Does that make sense? Could
> that be relaxed? Is there any reason to limit access to that link at
> all? To me the data from /proc/$PID/cmdline seems to be far more
> worthy to be protected than /proc/$PID/exe, or am I missing something?
>
> Tbh, looking at the code I don't really get where CAP_SYS_PTRACE seems
> to be required, but experimenting from userspace this seems to be the
> case.

Another annoying thing is that sometimes processes cannot open
their own /proc/self/fd/N. Example:

# setuidgid 200:200 cat /proc/self/fd/0
cat: /proc/self/fd/0: Permission denied

In real life this happened when I wanted to redirect apache's
log to stderr. The config directive only allowed redirecting
to a file, so I specified /proc/self/fd/2. It does not work
if apache drops root after startup.

--
vda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/