lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Fri, 23 Dec 2016 01:19:38 -0500
From:   Keno Fischer <>
Subject: Why do Zombie process' /proc entries have uid 0?

This is mostly out of curiosity, but I was surprised by the behavior, so
I was hoping somebody might be able to explain why this behavior was
chosen. In particular, consider any zombie process, e.g.

$ cat /proc/77078/status
Name: test
State: Z (zombie)
Tgid: 77078
Ngid: 0
Pid: 77078
PPid: 77077
TracerPid: 0
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000

now, this process has uid 1000, as does the /proc/<pid> directory

$ stat /proc/77078
  File: '/proc/77078'
Access: (0555/dr-xr-xr-x)  Uid: ( 1000/    keno)   Gid: ( 1000/    keno)

but most files in /proc/<pid> are owned by root:

$ stat /proc/77078/status
  File: '/proc/77078/status'
Access: (0444/-r--r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

Why is this? Why don't these files remain owned by the same uid as the
process itself?


Powered by blists - more mailing lists