From 8948e11f450e6189a79e47d6051c3d5a0b98e3f3 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Tue, 8 May 2007 00:23:35 -0700 Subject: [PATCH] Allow access to /proc/$PID/fd after setuid() /proc/$PID/fd has r-x------ permissions, so if process does setuid(), it will not be able to access /proc/*/fd/. This breaks fstatat() emulation in glibc. open("foo", O_RDONLY|O_DIRECTORY) = 4 setuid32(65534) = 0 stat64("/proc/self/fd/4/bar", 0xbfafb298) = -1 EACCES (Permission denied) Signed-off-by: Alexey Dobriyan Cc: "Eric W. Biederman" Cc: James Morris Cc: Chris Wright Cc: Ulrich Drepper Cc: Oleg Nesterov Acked-By: Kirill Korotaev Cc: Al Viro Cc: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/proc/base.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/fs/proc/base.c b/fs/proc/base.c index ec158dd02b3a..a721acfd4fdc 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1447,11 +1447,29 @@ static const struct file_operations proc_fd_operations = { .readdir = proc_readfd, }; +/* + * /proc/pid/fd needs a special permission handler so that a process can still + * access /proc/self/fd after it has executed a setuid(). + */ +static int proc_fd_permission(struct inode *inode, int mask, + struct nameidata *nd) +{ + int rv; + + rv = generic_permission(inode, mask, NULL); + if (rv == 0) + return 0; + if (task_pid(current) == proc_pid(inode)) + rv = 0; + return rv; +} + /* * proc directories can do almost nothing.. */ static const struct inode_operations proc_fd_inode_operations = { .lookup = proc_lookupfd, + .permission = proc_fd_permission, .setattr = proc_setattr, }; -- 2.20.1