Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.development.system > #509

Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--'

Path csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!newsfeed.datemas.de!eternal-september.org!feeder.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From crankypuss <crankypuss@nomail.invalid>
Newsgroups comp.os.linux.development.system
Subject Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--'
Date Tue, 16 Jul 2013 03:50:17 -0600
Organization A noiseless patient Spider
Lines 80
Message-ID <ks34ll$pr2$1@dont-email.me> (permalink)
References <20de89c1-dcb3-42b2-b281-d22af2035db5@googlegroups.com> <5f18d1b7-791f-449a-8643-0c88267d107b@googlegroups.com> <87wqosgpmi.fsf@araminta.anjou.terraraq.org.uk> <ks0gc4$fiu$1@dont-email.me> <87r4f0gllc.fsf@araminta.anjou.terraraq.org.uk>
Mime-Version 1.0
Content-Type text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding 8bit
Injection-Date Tue, 16 Jul 2013 09:44:22 +0000 (UTC)
Injection-Info mx05.eternal-september.org; posting-host="48fe8d295685dfa24bc0b6b4d40037f8"; logging-data="26466"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18LkveIiZug3oZSjZxyBl2Hga6qwYoOPjQ="
User-Agent Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120714 Thunderbird/14.0
In-Reply-To <87r4f0gllc.fsf@araminta.anjou.terraraq.org.uk>
Cancel-Lock sha1:8DQYKtfCQ+QloaYZRyd2ceGouPk=
Xref csiph.com comp.os.linux.development.system:509

Show key headers only | View raw

On 07/15/2013 04:32 AM, Richard Kettlewell wrote:
> crankypuss <crankypuss@nomail.invalid> writes:
>> On 07/15/2013 03:05 AM, Richard Kettlewell wrote:
>>> a.c.kalker@gmail.com writes:
>>>> Regardless of the explanations as to why which were given, the current
>>>> behaviour breaks shell scripts which try to be careful with
>>>> permissions like:
>>>>
>>>> ! [[ -r /proc/$pid/maps ]] && echo "You don't have permission to read this file"
>>>>
>>>> These scripts will now have to deal with some other process bombing
>>>> out hard with an error when actually trying to read from the file.
>>>>
>>>> There doesn't seem to be a way to check for permissions without
>>>> actually provoking an error, which is not the way I like to do things.
>>>
>>> That is an antipattern.
>>>
>>> The way to deal with files being unreadable (or unwritable) is to try
>>> the read (or write) and handle any the error that may occur.
>>>
>>> Since the readability of writability of the file may change between the
>>> check and the open, or indeed after the open, you have to do this anyway
>>> - so the up-front check is a waste of effort.
>>>
>>> Use ‘set -e’ in shell scripts to automate much of the checking.
>>
>> It's a matter of philosophy, mostly; two different approaches, for a
>> given application one or the other might be more appropriate.  And its
>> appropriateness depends on the mechanisms available for error-handling
>> and the type of user-interface one wants to provide.
>
> If you mean: whether you take the ‘set -e’ approach and just fall over
> on error, or handle each error explicitly and report it in some
> user-friendly way, sure, there’s a place for both.
>
> If you mean: up-front checks vs handling errors when they occur, then
> no, it’s not a matter of philosophy.  Up-front checks are simply not
> reliable and there is no way round this.

There's a difference between checking and finding that a user is 
presumably authorized to do something then not handling errors that 
actually occur, and checking and finding out that the user is not 
authorized and stopping there.  Unless one is satisfied with "permission 
denied" as opposed to "directory permission denied" versus "file 
permission denied" (for example).

> You have to detect errors as
> they occur and handle them in whatever manner is appropriate to the
> application.

Yes, on that we agree.  On the other hand there is sometimes value in 
checking beforehand.

> If some aspect of this is too hard in shell, there’s no shortage of
> alternative languages.
>

Languages aside, the notes for access(2) are, as another poster pointed 
out, interesting.

"Warning: Using access() to check if a user is authorized to, for
example, open a file before actually doing so using open(2) creates a
security hole, because the user  might  exploit  the  short  time
interval between checking and opening the file to manipulate it."

I'm not quite seeing how that can create a security hole; if the user is 
not authorized to open it, how can he then manipulate it?  On the other 
hand, if he is authorized he can manipulate it afterward.  Can someone 
explain this?

"For this reason, the use of this system call should be avoided."

Pardon my attitude, but that is ridiculous.  Either the function should 
work 100%, it should be fixed, or it should be removed.  Granted the 
timing issues involved with this kind of thing are legion, but that is 
one of the reasons for the concept of locking.  I get the idea from 
other comments in the documentation that the presence of access in linux 
is motivated politically rather than technically, that it's part of the 
requirements for a posix certification or something.

Back to comp.os.linux.development.system | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

"Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 07:05 -0700
  Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2012-10-02 15:09 +0100
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 07:20 -0700
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Tauno Voipio <tauno.voipio@notused.fi.invalid> - 2012-10-02 20:14 +0300
        Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 10:46 -0700
          Re: "Permission denied" while reading file /proc/<pid>/maps with   permissions '-r--r--r--' Josef Moellers <josef.moellers@invalid.invalid> - 2012-10-03 12:39 +0200
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Phil Carmody <thefatphil_demunged@yahoo.co.uk> - 2012-10-11 01:53 +0300
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Phil Carmody <thefatphil_demunged@yahoo.co.uk> - 2012-10-11 01:58 +0300
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2012-10-02 20:08 +0100
        Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' pacman@kosh.dhis.org (Alan Curry) - 2012-10-02 21:44 +0000
          Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 23:16 -0700
          Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2012-10-03 09:35 +0100
  Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' a.c.kalker@gmail.com - 2013-07-14 06:08 -0700
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Jorgen Grahn <grahn+nntp@snipabacken.se> - 2013-07-14 17:08 +0000
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-15 02:41 -0600
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Jorgen Grahn <grahn+nntp@snipabacken.se> - 2013-07-15 10:06 +0000
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2013-07-15 10:05 +0100
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-15 03:51 -0600
        Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2013-07-15 11:32 +0100
          Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-16 03:50 -0600
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2013-07-16 11:29 +0100
              Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-16 04:53 -0600
                Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Rainer Weikusat <rweikusat@mssgmbh.com> - 2013-07-16 13:06 +0100
                Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-17 01:52 -0600
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Jorgen Grahn <grahn+nntp@snipabacken.se> - 2013-07-16 19:04 +0000
              Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-17 02:21 -0600

csiph-web