On Tue, Sep 06, 2005 at 08:50:41PM +0200, Frank van Maarseveen wrote: > On Tue, Sep 06, 2005 at 06:57:37PM +0100, [EMAIL PROTECTED] wrote: > > On Tue, Sep 06, 2005 at 07:53:49PM +0200, Frank van Maarseveen wrote: > > > While I have access to /proc/<pid>, readlink fails with EACCES on > > > > > > /proc/<pid>/exe > > > /proc/<pid>/cwd > > > /proc/<pid>/root > > > > > > even when I own <pid> though it runs with a different effective/saved/fs > > > uid such as the X server. This is a bit uncomfortable and doesn't > > > seem right. > > > > > > Or is this to make /proc mounting inside a chroot jail safe? > > > > suid-root task does chdir() to place you shouldn't be able to access. > > You do cd /proc/<pid>/cwd and get there anyway. Bad Things Happen... > > Ok, but being able to do readlink() does not mean that one can chdir(), > usually.
follow_link on these guys does _not_ traverse parent directories. So chdir() checks are more relaxed that way. Even if we made checks on readlink work differently, we would still get an information leak - e.g. if task had created a directory with pathname derived from sensitive data and did chdir there. Being able to kill a task != being able to see pieces of its state... - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
