[Bugme-new] [Bug 10782] New: Access to /proc filesystem

bugme-daemon at bugzilla.kernel.org
Fri May 23 12:06:04 PDT 2008


http://bugzilla.kernel.org/show_bug.cgi?id=10782

           Summary: Access to /proc filesystem
           Product: Other
           Version: 2.5
     KernelVersion: 2.6.22.13
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
        AssignedTo: other_other at kernel-bugs.osdl.org
        ReportedBy: huaraz at moeller.plus.com


Latest working kernel version:
Earliest failing kernel version:
Distribution:Opensuse 10.2
Hardware Environment:Vmware
Software Environment:
Problem Description: Cannot access files in /proc when switching from root to
non-root

Steps to reproduce:

When logged in as a normal user it is not possible to access links in
/proc/{pid}/, where {pid} is the process id of a root process. This is even
though all file and link permissions should allow the user to access the link.

Example:

# id
uid=0(root) gid=0(root) groups=0(root)
# echo $$
13924
# ls -al /proc/13924
total 0
dr-xr-xr-x   6 root root 0 2008-02-28 12:16 .
dr-xr-xr-x 128 root root 0 2008-02-18 20:11 ..
dr-xr-xr-x   2 root root 0 2008-02-28 19:59 attr
-r--------   1 root root 0 2008-02-28 19:59 auxv
--w-------   1 root root 0 2008-02-28 19:59 clear_refs
-r--r--r--   1 root root 0 2008-02-28 12:16 cmdline
-r--r--r--   1 root root 0 2008-02-28 19:59 cpuset
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 cwd -> /root
-r--------   1 root root 0 2008-02-28 19:59 environ
lrwxrwxrwx   1 root root 0 2008-02-28 12:16 exe -> /lib/ast/bin/ksh
dr-x------   2 root root 0 2008-02-28 19:59 fd
dr-x------   2 root root 0 2008-02-28 19:59 fdinfo
-rw-r--r--   1 root root 0 2008-02-28 19:59 loginuid
-r--r--r--   1 root root 0 2008-02-28 19:59 maps
-rw-------   1 root root 0 2008-02-28 19:59 mem
-r--r--r--   1 root root 0 2008-02-28 19:59 mounts
-r--------   1 root root 0 2008-02-28 19:59 mountstats
-rw-r--r--   1 root root 0 2008-02-28 19:59 oom_adj
-r--r--r--   1 root root 0 2008-02-28 19:59 oom_score
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 root -> /
-rw-------   1 root root 0 2008-02-28 19:59 seccomp
-r--r--r--   1 root root 0 2008-02-28 19:59 smaps
-r--r--r--   1 root root 0 2008-02-28 19:59 stat
-r--r--r--   1 root root 0 2008-02-28 12:16 statm
-r--r--r--   1 root root 0 2008-02-28 12:16 status
dr-xr-xr-x   3 root root 0 2008-02-28 19:59 task
-r--r--r--   1 root root 0 2008-02-28 19:59 wchan

1) The directory /proc/13924 allows everybody to read the content.
2) The links (exe, cwd and root) are also readable by everybody.
3) The files the links point to (/root, /lib/ast/bin/ksh and /) are also
readable by everybody.

BUT when I list the directory as a normal user I get a permission denied.

markus at Opensuse:~> id
uid=1000(markus) gid=100(users) groups=16(dialout),33(video),100(users)
markus at Opensuse:~> ls -al /proc/13924
ls: cannot read symbolic link /proc/13924/cwd: Permission denied
ls: cannot read symbolic link /proc/13924/root: Permission denied
ls: cannot read symbolic link /proc/13924/exe: Permission denied
total 0
dr-xr-xr-x   6 root root 0 2008-02-28 12:16 .
dr-xr-xr-x 128 root root 0 2008-02-18 20:11 ..
dr-xr-xr-x   2 root root 0 2008-02-28 19:59 attr
-r--------   1 root root 0 2008-02-28 19:59 auxv
--w-------   1 root root 0 2008-02-28 19:59 clear_refs
-r--r--r--   1 root root 0 2008-02-28 12:16 cmdline
-r--r--r--   1 root root 0 2008-02-28 19:59 cpuset
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 cwd
-r--------   1 root root 0 2008-02-28 19:59 environ
lrwxrwxrwx   1 root root 0 2008-02-28 12:16 exe
dr-x------   2 root root 0 2008-02-28 19:59 fd
dr-x------   2 root root 0 2008-02-28 19:59 fdinfo
-rw-r--r--   1 root root 0 2008-02-28 19:59 loginuid
-r--r--r--   1 root root 0 2008-02-28 19:59 maps
-rw-------   1 root root 0 2008-02-28 19:59 mem
-r--r--r--   1 root root 0 2008-02-28 19:59 mounts
-r--------   1 root root 0 2008-02-28 19:59 mountstats
-rw-r--r--   1 root root 0 2008-02-28 19:59 oom_adj
-r--r--r--   1 root root 0 2008-02-28 19:59 oom_score
lrwxrwxrwx   1 root root 0 2008-02-28 19:59 root
-rw-------   1 root root 0 2008-02-28 19:59 seccomp
-r--r--r--   1 root root 0 2008-02-28 19:59 smaps
-r--r--r--   1 root root 0 2008-02-28 19:59 stat
-r--r--r--   1 root root 0 2008-02-28 12:16 statm
-r--r--r--   1 root root 0 2008-02-28 12:16 status
dr-xr-xr-x   3 root root 0 2008-02-28 19:59 task
-r--r--r--   1 root root 0 2008-02-28 19:59 wchan



This has the consequence that applications fail to work. An example is when
perl is used under root and the effective id has been changed using $>: perl
can no longer access its own binary when spawning processes, as perl tries to
access /proc/self/exe (which points to /usr/bin/perl) and fails. This stops
applications (like Radiator, a perl based radius server) from working on
SLES10/OpenSuse, whereas other platforms like OpenSolaris/Solaris 10 work fine.

I also don't see a security reason for the denied permission as all other files
are fully accessible by the non root user.


Regards
Markus



See also https://bugzilla.novell.com/show_bug.cgi?id=365738

