[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120523205857.GA22643@hexapodia.org>
Date: Wed, 23 May 2012 13:58:57 -0700
From: Andy Isaacson <adi@...apodia.org>
To: linux-kernel@...r.kernel.org
Cc: Alexey Dobriyan <adobriyan@...il.com>
Subject: setreuid() results in unreadable /proc/self/fdinfo/
The enclosed testcase shows that after using setreuid to permanently
give up root privs, the process loses its ability to open
/proc/self/fdinfo (as well as some but not all other entries in
/proc/self/).
This seems to fail only with threads -- a singlethreaded program does
not show the same failure. The failure is the same if the setreuid is
done in the parent thread (before pthread_create) or in the child
thread.
This testcase shows the same behavior on RHEL5 and on
3.4.0-rc4-00095-g95f7147.
This was originally found in Java code using the jsvc project.
A similar discussion happened 3.5 years ago (!) in
http://lkml.indiana.edu/hypermail/linux/kernel/0808.0/3350.html
(CCing Alexey.)
% cc -O2 -Wall setuid-proc-self-fd.c -o setuid-proc-self-fd -lpthread
% sudo ./setuid-proc-self-fd
uid = 0 euid = 0
uid = 1000 euid = 1000
main created thread, waiting.
/proc/self/fdinfo: Permission denied
delaying 100 seconds.
...
% sudo ls -ld /proc/`pidof setuid-proc-self-fd`{,/task/*}{,/fdinfo}
dr-xr-xr-x 7 andy root 0 May 23 13:43 /proc/31640
dr-x------ 2 root root 0 May 23 13:43 /proc/31640/fdinfo
dr-xr-xr-x 5 andy root 0 May 23 13:44 /proc/31640/task/31640
dr-x------ 2 root root 0 May 23 13:44 /proc/31640/task/31640/fdinfo
dr-xr-xr-x 5 andy root 0 May 23 13:44 /proc/31640/task/31641
dr-x------ 2 root root 0 May 23 13:44 /proc/31640/task/31641/fdinfo
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <stdarg.h>
#include <unistd.h>
#include <fcntl.h>
#include <pthread.h>
void die(char *fmt, ...)
__attribute__((noreturn))
__attribute__((format(printf, 1, 2)));
void die(char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
exit(1);
}
void *do_child(void *arg)
{
int fd;
if((fd = open("/proc/self/fdinfo", O_RDONLY|O_DIRECTORY)) == -1) {
fprintf(stderr, "/proc/self/fdinfo: %s\n", strerror(errno));
fprintf(stderr, "delaying 100 seconds.\n");
sleep(100);
}
printf("fd = %d\n", fd);
fflush(stdout);
return 0;
}
int main(int argc, char **argv)
{
pthread_t t;
printf("uid = %d euid = %d\n", (int)getuid(), (int)geteuid());
setreuid(1000,1000);
printf("uid = %d euid = %d\n", (int)getuid(), (int)geteuid());
pthread_create(&t, 0, do_child, 0);
printf("main created thread, waiting.\n");
pthread_join(t, 0);
printf("main exiting.\n");
return 0;
}
-andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists