Bug ID | 1221867 |
---|---|
Summary | Can read /proc/pid/exe but test -r /proc/pid/exe fails |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.4 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Kernel |
Assignee | kernel-bugs@opensuse.org |
Reporter | tdevries@suse.com |
QA Contact | qa-bugs@suse.de |
Target Milestone | --- |
Found By | --- |
Blocker | --- |
Consider the following script:
...
$ cat try.sh
#!/bin/sh

kill -9 $(pidof mysleep) 2> /dev/null

cp /usr/bin/sleep mysleep

md5sum mysleep

./mysleep 10000 &

(
    sleep 1
    pid=$(pidof mysleep)
    echo "PID: $pid"
    test -r /proc/$pid/exe
    echo $?
    md5sum /proc/$pid/exe
    kill -9 $(pidof mysleep) 2> /dev/null
)
...

If we run it, we get:
...
$ ./try.sh
6a85b2e53dce34ce2c35129b5b20c50b mysleep
PID: 4462
0
6a85b2e53dce34ce2c35129b5b20c50b /proc/4462/exe
...

So:
- we copy sleep, calculate its md5sum, run it, and get the pid
- we check if we can read /proc/$pid/exe
- we calculate the md5sum of /proc/$pid/exe

and we find that:
- we can read /proc/$pid/exe, and
- we are able to calculate the same md5sum for /proc/$pid/exe.

Now consider:
...
$ cat ./try2.sh
#!/bin/sh

sudo \
    -E \
    capsh \
    --caps="cap_setpcap,cap_setuid,cap_setgid+ep cap_sys_ptrace+eip" \
    --keep=1 \
    --user=$USER \
    --addamb="cap_sys_ptrace" \
    --shell=./try.sh --
...

This time, we get:
...
$ ./try2.sh
[sudo] password for root:
6a85b2e53dce34ce2c35129b5b20c50b mysleep
PID: 4536
1
6a85b2e53dce34ce2c35129b5b20c50b /proc/4536/exe
...

So, this seems contradictory:
- according to test -r, we cannot read /proc/$pid/exe
- but according to md5sum, we can read /proc/$pid/exe

This hit in gdb ( https://sourceware.org/bugzilla/show_bug.cgi?id=31528 ), where we decide not to try to open /proc/$pid/exe to get the symbols of an exec we've attached to, because first access(..., R_OK) is called to determine whether gdb can open it, which replies no.

If we skip the access check, we're able to read the symbols and the test-case passes.

However, there's the possibility that this is a kernel bug:
- if access is supposed to be unavailable, but in fact it is, it looks like a bug to me
- if access is supposed to be available, but we don't advertise that through access, it might be a bug, or it might be an inconvenience that ideally would be documented.

I came across https://bugzilla.kernel.org/show_bug.cgi?id=211593 , which I think comes from https://bugzilla.suse.com/show_bug.cgi?id=1216352 , which are probably related.

From what I understand from reading those two PRs, I probably need to fix gdb to avoid using readlink for /proc/$pid/exe.

Regardless, I would like to understand if I stumbled upon a kernel bug and whether it needs filing/fixing upstream in some form or another.

This is with opensuse leap 15.4, with a recent kernel:
...
$ uname -a
Linux xerxes 6.8.1-lp155.4.gd922afa-default #1 SMP PREEMPT_DYNAMIC Tue Mar 19 07:32:20 UTC 2024 (d922afa) x86_64 x86_64 x86_64 GNU/Linux
...
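
Added example (not part of the report, and not gdb or kernel code): a small C probe that asks the same question three ways for /proc/PID/exe, so the disagreement between test -r and md5sum above can be observed at the syscall level. access(2) is documented to check with the real UID/GID, faccessat(2) with AT_EACCESS checks with the effective IDs, and open(2) is the operation a reader actually needs; the names `struct probe` and `probe_readable` are hypothetical.

```c
#define _GNU_SOURCE     /* faccessat() and AT_EACCESS under strict -std modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical result record: each field is 0 on success, else the errno. */
struct probe {
    int access_errno;   /* access(R_OK): checked with the real UID/GID */
    int eaccess_errno;  /* faccessat(AT_EACCESS): checked with effective IDs */
    int open_errno;     /* open(O_RDONLY) followed by a 1-byte read */
};

/* Probe PATH three ways. Returns 1 when access() and open() disagree. */
int probe_readable(const char *path, struct probe *p)
{
    char byte;
    int fd;

    p->access_errno = access(path, R_OK) == 0 ? 0 : errno;
    p->eaccess_errno =
        faccessat(AT_FDCWD, path, R_OK, AT_EACCESS) == 0 ? 0 : errno;

    fd = open(path, O_RDONLY);
    if (fd < 0) {
        p->open_errno = errno;
    } else {
        /* The open is the authoritative answer; the read confirms data flows. */
        p->open_errno = read(fd, &byte, 1) < 0 ? errno : 0;
        close(fd);
    }
    return (p->access_errno == 0) != (p->open_errno == 0);
}

int main(int argc, char **argv)
{
    char path[64];
    struct probe p;
    int mismatch;
    /* Usage: ./probe [PID]; defaults to this process. */
    snprintf(path, sizeof path, "/proc/%s/exe", argc > 1 ? argv[1] : "self");
    mismatch = probe_readable(path, &p);
    printf("%s\n  access(R_OK):          errno=%d\n"
           "  faccessat(AT_EACCESS): errno=%d\n"
           "  open+read:             errno=%d\n%s",
           path, p.access_errno, p.eaccess_errno, p.open_errno,
           mismatch ? "access() and open() disagree\n" : "");
    return mismatch ? 2 : 0;
}
```

Running it with the PID of mysleep from inside the capsh shell set up by try2.sh shows which of the three answers differ on a given kernel. A caller that only needs the file contents can rely on the open() result and its errno instead of pre-checking with access().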