Path: csiph.com!usenet.pasdenom.info!news.albasani.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Josef Moellers Newsgroups: comp.os.linux.development.system Subject: Re: "Permission denied" while reading file /proc//maps with permissions '-r--r--r--' Date: Wed, 03 Oct 2012 12:39:37 +0200 Lines: 25 Message-ID: References: <20de89c1-dcb3-42b2-b281-d22af2035db5@googlegroups.com> <87ehlh9d99.fsf@araminta.anjou.terraraq.org.uk>

<45b5a20b-9fed-4d34-acaf-d7f38b092c98@googlegroups.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Trace: individual.net mEQ1qVxgSNqCAkCap8PiYwSerNIlbGdBwzQ3uhJ7mz9UPpRO4a Cancel-Lock: sha1:iS3PqstSkVsH+IXhRcx4o9seDMQ= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120912 Thunderbird/15.0.1 In-Reply-To: <45b5a20b-9fed-4d34-acaf-d7f38b092c98@googlegroups.com> X-Enigmail-Version: 1.4.4 Xref: csiph.com comp.os.linux.development.system:474 On 10/02/2012 07:46 PM, Alex Vinokur wrote: > On Tuesday, October 2, 2012 7:14:38 PM UTC+2, Tauno Voipio wrote: >> The 'files' in /proc are no regular files. They are peepholes into the >> internals of the kernel. The kernel may impose whatever additional >> restrictions it deems fit. >> > In this case their permissions should be -r-------- or -r--r-----, but not -r--r--r-- (i.e., 0400 or 0440, but not 0444). No, they need not. In general, everyone can open and read *some* *part* of the special file. After all, there is also a file offset associated with an open file, so reading from offset 0 may be forbidden, reading from (let's say) offset 0x1000 may be OK (agreed, this will not be the case here). Sometimes the permissions are set by one kernel component (i.e. the one which creates the node) while the access is implemented by another component which has some stricter rules, e.g. due to SELinux. The actual permissions may even vary with runtime configuration. Josef PS Please restrict quoting!