Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.development.system > #512

Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--'

From Rainer Weikusat <rweikusat@mssgmbh.com>
Newsgroups comp.os.linux.development.system
Subject Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--'
Date 2013-07-16 13:06 +0100
Message-ID <87k3kqk8uh.fsf@sapphire.mobileactivedefense.com> (permalink)
References (3 earlier) <ks0gc4$fiu$1@dont-email.me> <87r4f0gllc.fsf@araminta.anjou.terraraq.org.uk> <ks34ll$pr2$1@dont-email.me> <8738rekdbw.fsf@araminta.anjou.terraraq.org.uk> <ks38b5$aqa$1@dont-email.me>

Show all headers | View raw

crankypuss <crankypuss@nomail.invalid> writes:
> On 07/16/2013 04:29 AM, Richard Kettlewell wrote:

[...]

>>> Pardon my attitude, but that is ridiculous.  Either the function
>>> should work 100%, it should be fixed, or it should be removed.
>>> Granted the timing issues involved with this kind of thing are legion,
>>> but that is one of the reasons for the concept of locking.  I get the
>>> idea from other comments in the documentation that the presence of
>>> access in linux is motivated politically rather than technically, that
>>> it's part of the requirements for a posix certification or something.
>>
>> The problem the warning refers to is a privileged program (for instance,
>> a setuid program) checking the access rights of an unprivileged user to
>> a path that the unprivileged user can control some element of.
>>
>> If the checking program isn’t privileged relative to the calling user,
>> or if it’s checking for access to some path that cannot be controlled by
>> an unprivileged user, then the warning isn’t really relevant.
>
> If the guy is running as root, all bets are off to begin with.

This is supposed to setuid processes which run with an effective user
id (euid) different from their real user id. The permission check
performed by access uses the real uid and this means it seems as if
this was a way the program running with a different euid could check
whether or not the user who invoked it has permission to access a
certain filesystem object. But this doesn't work reliably because the
same path name could refer to a different filesystem object by the
time the actual 'access routine' (usually, open) runs or the
permissions of the checked filesystem object could change in between.

Back to comp.os.linux.development.system | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

"Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 07:05 -0700
  Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2012-10-02 15:09 +0100
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 07:20 -0700
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Tauno Voipio <tauno.voipio@notused.fi.invalid> - 2012-10-02 20:14 +0300
        Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 10:46 -0700
          Re: "Permission denied" while reading file /proc/<pid>/maps with   permissions '-r--r--r--' Josef Moellers <josef.moellers@invalid.invalid> - 2012-10-03 12:39 +0200
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Phil Carmody <thefatphil_demunged@yahoo.co.uk> - 2012-10-11 01:53 +0300
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Phil Carmody <thefatphil_demunged@yahoo.co.uk> - 2012-10-11 01:58 +0300
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2012-10-02 20:08 +0100
        Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' pacman@kosh.dhis.org (Alan Curry) - 2012-10-02 21:44 +0000
          Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Alex Vinokur <alex.vinokur@gmail.com> - 2012-10-02 23:16 -0700
          Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2012-10-03 09:35 +0100
  Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' a.c.kalker@gmail.com - 2013-07-14 06:08 -0700
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Jorgen Grahn <grahn+nntp@snipabacken.se> - 2013-07-14 17:08 +0000
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-15 02:41 -0600
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Jorgen Grahn <grahn+nntp@snipabacken.se> - 2013-07-15 10:06 +0000
    Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2013-07-15 10:05 +0100
      Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-15 03:51 -0600
        Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2013-07-15 11:32 +0100
          Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-16 03:50 -0600
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Richard Kettlewell <rjk@greenend.org.uk> - 2013-07-16 11:29 +0100
              Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-16 04:53 -0600
                Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Rainer Weikusat <rweikusat@mssgmbh.com> - 2013-07-16 13:06 +0100
                Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-17 01:52 -0600
            Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' Jorgen Grahn <grahn+nntp@snipabacken.se> - 2013-07-16 19:04 +0000
              Re: "Permission denied" while reading file /proc/<pid>/maps with permissions '-r--r--r--' crankypuss <crankypuss@nomail.invalid> - 2013-07-17 02:21 -0600

csiph-web