
Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--'

From crankypuss <crankypuss@nomail.invalid>
Newsgroups comp.os.linux.development.system
Subject Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--'
Date 2013-07-17 01:52 -0600
Organization A noiseless patient Spider
Message-ID <ks5i4s$183$1@dont-email.me> (permalink)
References (4 earlier) <87r4f0gllc.fsf@araminta.anjou.terraraq.org.uk> <ks34ll$pr2$1@dont-email.me> <8738rekdbw.fsf@araminta.anjou.terraraq.org.uk> <ks38b5$aqa$1@dont-email.me> <87k3kqk8uh.fsf@sapphire.mobileactivedefense.com>



On 07/16/2013 06:06 AM, Rainer Weikusat wrote:
> crankypuss <crankypuss@nomail.invalid> writes:
>> On 07/16/2013 04:29 AM, Richard Kettlewell wrote:
>
> [...]
>
>>>> Pardon my attitude, but that is ridiculous.  Either the function
>>>> should work 100%, it should be fixed, or it should be removed.
>>>> Granted the timing issues involved with this kind of thing are legion,
>>>> but that is one of the reasons for the concept of locking.  I get the
>>>> idea from other comments in the documentation that the presence of
>>>> access in linux is motivated politically rather than technically, that
>>>> it's part of the requirements for a posix certification or something.
>>>
>>> The problem the warning refers to is a privileged program (for instance,
>>> a setuid program) checking the access rights of an unprivileged user to
>>> a path that the unprivileged user can control some element of.
>>>
>>> If the checking program isn’t privileged relative to the calling user,
>>> or if it’s checking for access to some path that cannot be controlled by
>>> an unprivileged user, then the warning isn’t really relevant.
>>
>> If the guy is running as root, all bets are off to begin with.
>
> This is supposed to setuid processes which run with an effective user
> id (euid) different from their real user id. The permission check
> performed by access uses the real uid and this means it seems as if
> this was a way the program running with a different euid could check
> whether or not the user who invoked it has permission to access a
> certain filesystem object. But this doesn't work reliably because the
> same path name could refer to a different filesystem object by the
> time the actual 'access routine' (usually, open) runs or the
> permissions of the checked filesystem object could change in between.
>

I sort of understand, and thank you for the explanation.  I'm of the 
opinion that there are some basic problems with the linux filesystem 
protection mechanisms, mostly because although filesystems are tree 
structured, object protection is not hierarchical.  It could be that I'm 
too new to linux (and unix) to fully grasp something that is flawless, 
but maybe not.  Thanks again.
