That sounds a bit useless that after the su I can access all files in
/proc/'pid'/ and I can list the real file but not the link in /proc/'pid'/
to the real file.
I can't believe that this makes sense and is intended.
Markus
"Randall R Schulz"
On Tuesday 26 February 2008 14:54, Markus Moeller wrote:
When I su from root to another id I can no longer list links in /proc/'pid'/ of the original process. This creates a problem when for example running perl as root and switching id (using $>) after which in some circumstances perl tries to start /proc/self/exe which is a link to /usr/bin/perl and fails.
Is this a known bug?
It's a known behavior, but by no means a bug!
The only way you're going to make this work is by acquiring access (opening a file, e.g.) and by then passing that descriptor across the ID change back to the restricted UID.
This is possible when writing in C (and many other languages, including scripting languages). Doing it from the shell is at best a trickier proposition. In particular, while the shell allows much more than the usual ">", "<", "|" operators for, I see no indication (in the man or info page) that su will participate in such machinations. It may simply allow all non-standard descriptors (those other than 0, 1 and 2) to persist after the UID change and the new process is executed, or it may, as a security measure, close all but those descriptors.
You'll have to experiment.
Thank you Markus
Randall Schulz
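The approach Randall describes (acquire the descriptor while privileged, then use it after the ID change), as an added C example that is not part of the original thread. The temp file, the names `read_across_drop` and `drop_result`, and UID/GID 65534 for "nobody" are assumptions; the identity change, and so the denied reopen, only happens when it is run as root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
/* dropped: child changed UID; path_errno: errno of reopen by path (0 = opened);
 * fd_bytes: bytes read through the descriptor opened before the drop */
struct drop_result { int dropped, path_errno; long fd_bytes; };

/* Open first, fork, drop to uid/gid in the child, then compare open() vs read(). */
int read_across_drop(uid_t uid, gid_t gid, struct drop_result *out)
{
    static const char secret[] = "root-only data\n";    /* constructed sample */
    char path[] = "/tmp/fdpassXXXXXX", buf[64];
    int pfd[2], status, ok = -1;
    pid_t pid = -1;
    int fd = mkstemp(path);                   /* created with mode 0600 */
    if (fd < 0) return -1;
    if (write(fd, secret, sizeof secret - 1) != (ssize_t)(sizeof secret - 1) ||
        lseek(fd, 0, SEEK_SET) != 0 || pipe(pfd) != 0) goto done;
    pid = fork();
    if (pid == 0) {
        struct drop_result r = {0, 0, -1};
        if (geteuid() == 0) {                 /* only root can change identity */
            if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) _exit(1);
            if (setuid(0) == 0) _exit(1);     /* the drop must be irreversible */
            r.dropped = 1;
        }
        int again = open(path, O_RDONLY);     /* checked against the new UID */
        if (again < 0) r.path_errno = errno; else close(again);
        r.fd_bytes = read(fd, buf, sizeof buf);   /* access was settled at open() */
        _exit(write(pfd[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status) && !WEXITSTATUS(status))
        ok = read(pfd[0], out, sizeof *out) == (ssize_t)sizeof *out ? 0 : -1;
    close(pfd[0]); close(pfd[1]);
done:
    close(fd); unlink(path);
    return ok;
}

int main(void)
{
    struct drop_result r;
    if (read_across_drop(65534, 65534, &r) != 0) return 1;   /* 65534: assumed "nobody" */
    return printf("dropped=%d reopen_errno=%d fd_bytes=%ld\n", r.dropped, r.path_errno, r.fd_bytes) < 0;
}
```

Run as root, the reopen by path fails with EACCES while the read through the inherited descriptor still returns the data; run unprivileged, no drop takes place and both succeed.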