| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<DB9PR05MB11014E5806668445342EDE9DAFDA1A@DB9PR05MB11014.eurprd05.prod.outlook.com>
Date: Thu, 11 Dec 2025 15:02:11 +0000
From: Gabríel Arthúr Pétursson
<Gabriel.Petursson@...el.com>
To: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: Bug: Opening a file under /proc/<pid>/ after process exit may return
ENOENT
Opening a file under /proc/<pid>/ after process exit may return ENOENT
======================================================================
Given an open directory file descriptor to /proc/<pid>/, there exists a small
window after a process exits in which opening a file would fail with ENOENT
before the expected ESRCH error.
The following C program demonstrates the issue:
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main() {
while (1) {
int r = open("cmdline", O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (r < 0) {
fprintf(stderr, "open failed: %m\n");
if (errno == ESRCH) {
return 1;
}
} else {
close(r);
}
}
}
>From the shell, pick a process under /proc/ and run the program. Once the
process exits, one may observe the following output:
root@...ek:/proc/3414924# /root/a.out
open failed: No such file or directory
open failed: No such process
Affected versions
-----------------
We've tested and reproduced the bug on:
Fedora 43 with 6.17.8-300.fc43.x86_64, and
Ubuntu 25.10 with 6.14.0-35-generic
Thanks in advance!
Please let me know if any additional information is required.
Powered by blists - more mailing lists