Bug 10782 - Access to links of root processes in /proc does not work
Summary: Access to links of root processes in /proc does not work
Status: REJECTED WILL_NOT_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: other_other
Reported: 2008-05-23 12:06 UTC by Markus Moeller
Modified: 2008-10-28 11:30 UTC
Kernel Version: 2.6.22.13

Description Markus Moeller 2008-05-23 12:06:03 UTC
Latest working kernel version:
Earliest failing kernel version:
Distribution: Opensuse 10.2
Hardware Environment: Vmware
Software Environment:
Problem Description: Cannot access files in /proc when switching from root to non-root

Steps to reproduce:

When logged in as a normal user it is not possible to access links in
/proc/{pid}/ where {pid} is the process id of a root process. This is despite
the fact that all file and link permissions should allow the user to access the link.

Example:

# id
uid=0(root) gid=0(root) groups=0(root)
# echo $$
13924
# ls -al /proc/13924
total 0
dr-xr-xr-x   6 root root 0 2008-02-28 12:16 .
dr-xr-xr-x 128 root root 0 2008-02-18 20:11 ..
dr-xr-xr-x   2 root root 0 2008-02-28 19:59 attr
-r--------   1 root root 0 2008-02-28 19:59 auxv
--w-------   1 root root 0 2008-02-28 19:59 clear_refs
-r--r--r--   1 root root 0 2008-02-28 12:16 cmdline
-r--r--r--   1 root root 0 2008-02-28 19:59 cpuset
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 cwd -> /root
-r--------   1 root root 0 2008-02-28 19:59 environ
lrwxrwxrwx   1 root root 0 2008-02-28 12:16 exe -> /lib/ast/bin/ksh
dr-x------   2 root root 0 2008-02-28 19:59 fd
dr-x------   2 root root 0 2008-02-28 19:59 fdinfo
-rw-r--r--   1 root root 0 2008-02-28 19:59 loginuid
-r--r--r--   1 root root 0 2008-02-28 19:59 maps
-rw-------   1 root root 0 2008-02-28 19:59 mem
-r--r--r--   1 root root 0 2008-02-28 19:59 mounts
-r--------   1 root root 0 2008-02-28 19:59 mountstats
-rw-r--r--   1 root root 0 2008-02-28 19:59 oom_adj
-r--r--r--   1 root root 0 2008-02-28 19:59 oom_score
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 root -> /
-rw-------   1 root root 0 2008-02-28 19:59 seccomp
-r--r--r--   1 root root 0 2008-02-28 19:59 smaps
-r--r--r--   1 root root 0 2008-02-28 19:59 stat
-r--r--r--   1 root root 0 2008-02-28 12:16 statm
-r--r--r--   1 root root 0 2008-02-28 12:16 status
dr-xr-xr-x   3 root root 0 2008-02-28 19:59 task
-r--r--r--   1 root root 0 2008-02-28 19:59 wchan

1) The directory /proc/13924 allows everybody to read the content.
2) The links (exe, cwd and root) are also readable by everybody.
3) The files the links point to (/root, /lib/ast/bin/ksh and /) are also readable
by everybody.

BUT when I list the directory as a normal user I get a permission denied.

markus@Opensuse:~> id
uid=1000(markus) gid=100(users) groups=16(dialout),33(video),100(users)
markus@Opensuse:~> ls -al /proc/13924
ls: cannot read symbolic link /proc/13924/cwd: Permission denied
ls: cannot read symbolic link /proc/13924/root: Permission denied
ls: cannot read symbolic link /proc/13924/exe: Permission denied
total 0
dr-xr-xr-x   6 root root 0 2008-02-28 12:16 .
dr-xr-xr-x 128 root root 0 2008-02-18 20:11 ..
dr-xr-xr-x   2 root root 0 2008-02-28 19:59 attr
-r--------   1 root root 0 2008-02-28 19:59 auxv
--w-------   1 root root 0 2008-02-28 19:59 clear_refs
-r--r--r--   1 root root 0 2008-02-28 12:16 cmdline
-r--r--r--   1 root root 0 2008-02-28 19:59 cpuset
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 cwd
-r--------   1 root root 0 2008-02-28 19:59 environ
lrwxrwxrwx   1 root root 0 2008-02-28 12:16 exe
dr-x------   2 root root 0 2008-02-28 19:59 fd
dr-x------   2 root root 0 2008-02-28 19:59 fdinfo
-rw-r--r--   1 root root 0 2008-02-28 19:59 loginuid
-r--r--r--   1 root root 0 2008-02-28 19:59 maps
-rw-------   1 root root 0 2008-02-28 19:59 mem
-r--r--r--   1 root root 0 2008-02-28 19:59 mounts
-r--------   1 root root 0 2008-02-28 19:59 mountstats
-rw-r--r--   1 root root 0 2008-02-28 19:59 oom_adj
-r--r--r--   1 root root 0 2008-02-28 19:59 oom_score
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 root
-rw-------   1 root root 0 2008-02-28 19:59 seccomp
-r--r--r--   1 root root 0 2008-02-28 19:59 smaps
-r--r--r--   1 root root 0 2008-02-28 19:59 stat
-r--r--r--   1 root root 0 2008-02-28 12:16 statm
-r--r--r--   1 root root 0 2008-02-28 12:16 status
dr-xr-xr-x   3 root root 0 2008-02-28 19:59 task
-r--r--r--   1 root root 0 2008-02-28 19:59 wchan



This has the consequence that applications fail to work. An example is when perl is
used under root and the effective id has been changed using $>: perl can no longer
access its own binary when spawning processes, as perl tries to access
/proc/self/exe (which points to /usr/bin/perl) and fails. This stops
applications from working (like Radiator, a perl based radius server) on
SLES10/OpenSuse whereas other platforms like OpenSolaris/Solaris 10 work fine.

I also don't see a security reason for the denied permission as all other files
are fully accessible by the non root user.


Regards
Markus



See also https://bugzilla.novell.com/show_bug.cgi?id=365738

Comment 1 Alan 2008-09-23 03:49:34 UTC
chroot(), binaries in directories whose permissions are open to the user but whose directories above prevent the /proc using user reaching it via normal means

Comment 2 Timothee Besset 2008-10-28 11:30:36 UTC
FWIW I am seeing this happen for none of the above-mentioned reasons. Not chrooting, no SELinux, no apparmor or whatever, kernel 2.6.24. I think the main problem is how hard it is to diagnose and identify why the permission is denied.

$ id
uid=1000(timo) gid=1009(quakelive) [..]
$ ls -1l /usr/local/alienbrain
total 8044
-rwxrwxr-x 1 root staff 1126824 2007-04-25 11:49 ab
[..]

$ ls -1l /proc/19405
ls: cannot read symbolic link /proc/19405/cwd: Permission denied

# ls -1l /proc/19405
[..]
lrwxrwxrwx 1 timo timo 0 2008-10-28 12:14 cwd -> /usr/local/alienbrain
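
A small diagnostic for the situation described in this report and in comment 2, added here as an example (it is not code from the bug report or from the kernel project): for a given PID it compares the mode bits that ls shows for cwd, exe and root with what readlink(2) actually returns, next to the caller's and the target's UIDs. On current kernels proc(5) documents that reading these links is governed by a ptrace access mode check rather than by the lrwxrwxrwx bits; the names diagnose and read_uids are this example's own.

```python
import errno
import os
import stat

LINKS = ("cwd", "exe", "root")  # the three links the report lists


def read_uids(pid, proc="/proc"):
    """Real, effective, saved and fs UID from the world-readable status file."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Uid:"):
                    return tuple(int(x) for x in line.split()[1:5])
    except OSError:
        pass  # process exited or is hidden from us
    return None


def diagnose(pid, proc="/proc"):
    """Compare the mode bits ls shows for each link with what readlink(2) does."""
    base = os.path.join(proc, str(pid))
    if not os.path.isdir(base):
        return {"pid": pid, "error": "not visible in /proc"}
    report = {"pid": pid, "caller_euid": os.geteuid(),
              "target_uids": read_uids(pid, proc), "links": {}}
    for name in LINKS:
        path = os.path.join(base, name)
        entry = {"mode": None, "target": None}
        try:
            entry["mode"] = stat.filemode(os.lstat(path).st_mode)
        except OSError as exc:
            entry["lstat_error"] = errno.errorcode.get(exc.errno, str(exc.errno))
        try:
            entry["target"] = os.readlink(path)
            entry["verdict"] = "readable"
        except OSError as exc:
            if exc.errno == errno.EACCES:
                # Denied although the mode may read lrwxrwxrwx: the case in this report.
                entry["verdict"] = "denied (EACCES), mode bits not decisive"
            else:
                entry["verdict"] = errno.errorcode.get(exc.errno, str(exc.errno))
        report["links"][name] = entry
    return report


if __name__ == "__main__":
    import pprint, sys
    pprint.pprint(diagnose(int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()))
```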
