https://bugzilla.novell.com/show_bug.cgi?id=365738
Summary: Access to links of root processes in /proc does not work
Product: openSUSE 10.3
Version: Final
Platform: All
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: huaraz@moeller.plus.com
QAContact: qa@suse.de
Found By: Other
M Moeller changed:
What |Removed |Added
----------------------------------------------------------------------------
Flag| |SHIP_STOPPER?, CCB_Review?
When logged in as a normal user it is not possible to access links in
/proc/{pid}/ where {pid} is the process id of a root process. This is despite
the fact that all file and link permissions should allow the user to access the link.
Example:
# id
uid=0(root) gid=0(root) groups=0(root)
# echo $$
13924
# ls -al /proc/13924
total 0
dr-xr-xr-x 6 root root 0 2008-02-28 12:16 .
dr-xr-xr-x 128 root root 0 2008-02-18 20:11 ..
dr-xr-xr-x 2 root root 0 2008-02-28 19:59 attr
-r-------- 1 root root 0 2008-02-28 19:59 auxv
--w------- 1 root root 0 2008-02-28 19:59 clear_refs
-r--r--r-- 1 root root 0 2008-02-28 12:16 cmdline
-r--r--r-- 1 root root 0 2008-02-28 19:59 cpuset
lrwxrwxrwx 1 root root 0 2008-02-28 19:59 cwd -> /root
-r-------- 1 root root 0 2008-02-28 19:59 environ
lrwxrwxrwx 1 root root 0 2008-02-28 12:16 exe -> /lib/ast/bin/ksh
dr-x------ 2 root root 0 2008-02-28 19:59 fd
dr-x------ 2 root root 0 2008-02-28 19:59 fdinfo
-rw-r--r-- 1 root root 0 2008-02-28 19:59 loginuid
-r--r--r-- 1 root root 0 2008-02-28 19:59 maps
-rw------- 1 root root 0 2008-02-28 19:59 mem
-r--r--r-- 1 root root 0 2008-02-28 19:59 mounts
-r-------- 1 root root 0 2008-02-28 19:59 mountstats
-rw-r--r-- 1 root root 0 2008-02-28 19:59 oom_adj
-r--r--r-- 1 root root 0 2008-02-28 19:59 oom_score
lrwxrwxrwx 1 root root 0 2008-02-28 19:59 root -> /
-rw------- 1 root root 0 2008-02-28 19:59 seccomp
-r--r--r-- 1 root root 0 2008-02-28 19:59 smaps
-r--r--r-- 1 root root 0 2008-02-28 19:59 stat
-r--r--r-- 1 root root 0 2008-02-28 12:16 statm
-r--r--r-- 1 root root 0 2008-02-28 12:16 status
dr-xr-xr-x 3 root root 0 2008-02-28 19:59 task
-r--r--r-- 1 root root 0 2008-02-28 19:59 wchan
1) The directory /proc/13924 allows everybody to read the content.
2) The links (exe, cwd and root) are also readable by everybody.
3) The files the links point to (/root, /lib/ast/bin/ksh and /) are also readable
by everybody.
BUT when I list the directory as a normal user I get a permission denied.
markus@Opensuse:~> id
uid=1000(markus) gid=100(users) groups=16(dialout),33(video),100(users)
markus@Opensuse:~> ls -al /proc/13924
ls: cannot read symbolic link /proc/13924/cwd: Permission denied
ls: cannot read symbolic link /proc/13924/root: Permission denied
ls: cannot read symbolic link /proc/13924/exe: Permission denied
total 0
dr-xr-xr-x 6 root root 0 2008-02-28 12:16 .
dr-xr-xr-x 128 root root 0 2008-02-18 20:11 ..
dr-xr-xr-x 2 root root 0 2008-02-28 19:59 attr
-r-------- 1 root root 0 2008-02-28 19:59 auxv
--w------- 1 root root 0 2008-02-28 19:59 clear_refs
-r--r--r-- 1 root root 0 2008-02-28 12:16 cmdline
-r--r--r-- 1 root root 0 2008-02-28 19:59 cpuset
lrwxrwxrwx 1 root root 0 2008-02-28 19:59 cwd
-r-------- 1 root root 0 2008-02-28 19:59 environ
lrwxrwxrwx 1 root root 0 2008-02-28 12:16 exe
dr-x------ 2 root root 0 2008-02-28 19:59 fd
dr-x------ 2 root root 0 2008-02-28 19:59 fdinfo
-rw-r--r-- 1 root root 0 2008-02-28 19:59 loginuid
-r--r--r-- 1 root root 0 2008-02-28 19:59 maps
-rw------- 1 root root 0 2008-02-28 19:59 mem
-r--r--r-- 1 root root 0 2008-02-28 19:59 mounts
-r-------- 1 root root 0 2008-02-28 19:59 mountstats
-rw-r--r-- 1 root root 0 2008-02-28 19:59 oom_adj
-r--r--r-- 1 root root 0 2008-02-28 19:59 oom_score
lrwxrwxrwx 1 root root 0 2008-02-28 19:59 root
-rw------- 1 root root 0 2008-02-28 19:59 seccomp
-r--r--r-- 1 root root 0 2008-02-28 19:59 smaps
-r--r--r-- 1 root root 0 2008-02-28 19:59 stat
-r--r--r-- 1 root root 0 2008-02-28 12:16 statm
-r--r--r-- 1 root root 0 2008-02-28 12:16 status
dr-xr-xr-x 3 root root 0 2008-02-28 19:59 task
-r--r--r-- 1 root root 0 2008-02-28 19:59 wchan
This has the consequence that applications fail to work. An example is when perl is
used under root and the effective id has been changed using $>: perl can no longer
access its own binary when spawning processes, as perl tries to access
/proc/self/exe (which points to /usr/bin/perl) and fails. This stops
applications from working (like Radiator, a perl-based radius server) on
SLES10/OpenSuses, whereas other platforms like OpenSolaris/Solaris 10 work fine.
I also don't see a security reason for the denied permission as all other files
are fully accessible by the non root user.
Regards
Markus
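A small diagnostic for the behaviour reported above, added here as an example and not part of the original report: on Linux, reading the cwd, root and exe links is gated by a kernel access check on the target process, not by the lrwxrwxrwx mode bits, so lstat succeeds while readlink is refused. The function names probe_link and probe_pid are made up for this example; it assumes a mounted /proc and a stat that supports -c.

```shell
#!/bin/sh
# Added example (not from the bug report). Compares what lstat reports for
# /proc/PID/{cwd,root,exe} with whether readlink is actually permitted.

# probe_link PID NAME
#   returns 0: link target could be read
#   returns 1: entry exists (lstat works) but readlink failed, which is the
#              case in the report when the caller may not inspect the process
#   returns 2: no such entry (process gone, or NAME does not exist)
probe_link() {
    path="/proc/$1/$2"
    # stat does not follow symlinks by default, so this is an lstat.
    mode=$(stat -c '%A' "$path" 2>/dev/null) || {
        echo "$path: no such entry"
        return 2
    }
    if target=$(readlink "$path" 2>/dev/null); then
        echo "$path: mode=$mode target=$target"
        return 0
    fi
    echo "$path: mode=$mode readlink failed"
    return 1
}

# probe_pid PID
#   probes all three links; the return value is the number that were not
#   readable (0 means every link resolved).
probe_pid() {
    unreadable=0
    for name in cwd root exe; do
        probe_link "$1" "$name" || unreadable=$((unreadable + 1))
    done
    return "$unreadable"
}
```

Run `probe_pid` against a root-owned pid first as root and then as an unprivileged user to see the same mode bits paired with different readlink outcomes.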