So...if I'm not allowed to read the link, wouldn't it be a bug
for the permissions to claim it is group/other readable?
lrwxrwxrwx 1 root root 0 Jun 5 22:29 /proc/2/exe
Exactly "what" is determining the permissions on the ability to read
the link if not the file permissions?
Should it read?
lrwx------ 1 root root 0 Jun 5 22:29 /proc/2/exe
> Please don't try this yourself. I can spot bugs
> in almost any parser for these files. Consider
> processes with names like these:
>
> "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
> ":-) 1 2 3 4 5 6"
> "foo Pid: 42"
> "x State: Z (z)"
--- Yeah...it could be a mess, but wouldn't you be guaranteed that it would be a zero terminated string?> The restricted permission on /proc/*/exe is kind of > dumb though, considering that /proc/*/maps is wide open. > Ability to follow the link might need to be restricted, > since the link is (was?) magic. It acts somewhat like > a hard link, bypassing permissions along the path.
--- Well that "could" be handled by an attempt to stat the target in the user's context and see if the file can be reached through the directory chain, but hey, what's the point of consistency, anyway? "Isn't it consistency is the foolish hobgoblin of small minds?" Er, something like that....
> > > Purely from a 'cleanliness' standpoint, is the > > environment owned by the user-id, or is it a common > > piece of public, kernel (root) owned data? > > It's swappable. The process can muck with it.
--- So if the process could muck with it, like path, then if it was able to switch back to ROOT, wouldn't that be a security risk?> There's nothing wrong with parsing ps output. Be sure to split > on whitespace, and not by character position. You can also use > pgrep or pidof. For example: > > ps -C foo -opid= > pgrep -u root sshd > pidof something
--- some more primitive unix clones (cygwin for example) don't have such luxuries....now that I mention it....it doesn't have an 'exe' entry under proc either...*snort*.Nevermind....:-)
-l
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/