https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246311

            Bug ID: 246311
           Summary: [patch] procstat can't view current working directory
                    (affects xfce4-terminal, linprocfs, ...)
           Product: Base System
           Version: 12.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: b...@freebsd.org
          Reporter: damjan....@gmail.com

Created attachment 214280
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=214280&action=edit
Decrease the procstat fd access restriction to PGET_CANSEE

Currently "procstat fd [pid]" cannot view anything, even for other processes
owned by the user making the call, not even their current working directory
(CWD), unless it has PGET_CANDEBUG permission.

linprocfs however allows reading the CWD for any process because it doesn't
perform that check (sys/compat/linprocfs/linprocfs.c, function
linprocfs_doproccwd()).

Applications use this, e.g. xfce4-terminal relies on
/compat/linux/proc/<pid>/cwd to find the shell's CWD, so that when you open a
new tab, it starts in the same CWD as the tab you opened it from
(https://github.com/xfce-mirror/xfce4-terminal/blob/master/terminal/terminal-screen.c#L2343).
I would like to patch xfce4-terminal to use libprocstat for that instead of
needing linprocfs to be mounted, but since procstat is more restrictive, it
will break it.

Can we please downgrade PGET_CANDEBUG to at least PGET_CANSEE, so you can view
the CWD for processes you own? Maybe other open files still need to be hidden,
but the CWD doesn't seem like a major security concern.

Linux's own /proc filesystem never hides the CWD (lrwxrwxrwx), and only hides
file descriptors for processes you don't own.

The attached patch decreases the access restriction to PGET_CANSEE, and works
as intended in my tests.
