From: Alexey Dobriyan Date: Tue, 8 May 2007 07:23:35 +0000 (-0700) Subject: Allow access to /proc/$PID/fd after setuid() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8948e11f450e6189a79e47d6051c3d5a0b98e3f3;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git Allow access to /proc/$PID/fd after setuid() /proc/$PID/fd has r-x------ permissions, so if process does setuid(), it will not be able to access /proc/*/fd/. This breaks fstatat() emulation in glibc. open("foo", O_RDONLY|O_DIRECTORY) = 4 setuid32(65534) = 0 stat64("/proc/self/fd/4/bar", 0xbfafb298) = -1 EACCES (Permission denied) Signed-off-by: Alexey Dobriyan Cc: "Eric W. Biederman" Cc: James Morris Cc: Chris Wright Cc: Ulrich Drepper Cc: Oleg Nesterov Acked-By: Kirill Korotaev Cc: Al Viro Cc: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/proc/base.c b/fs/proc/base.c index ec158dd02b3a..a721acfd4fdc 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1447,11 +1447,29 @@ static const struct file_operations proc_fd_operations = { .readdir = proc_readfd, }; +/* + * /proc/pid/fd needs a special permission handler so that a process can still + * access /proc/self/fd after it has executed a setuid(). + */ +static int proc_fd_permission(struct inode *inode, int mask, + struct nameidata *nd) +{ + int rv; + + rv = generic_permission(inode, mask, NULL); + if (rv == 0) + return 0; + if (task_pid(current) == proc_pid(inode)) + rv = 0; + return rv; +} + /* * proc directories can do almost nothing.. */ static const struct inode_operations proc_fd_inode_operations = { .lookup = proc_lookupfd, + .permission = proc_fd_permission, .setattr = proc_setattr, };