Re: Readlink: permission denied

On 05/23/2012 07:02 PM, Cameron Simpson wrote:
> On 23May2012 18:46, JD <jd1008@xxxxxxxxx> wrote:
> | On 05/23/2012 02:59 PM, Cameron Simpson wrote:
> |>  On 23May2012 12:13, JD<jd1008@xxxxxxxxx>   wrote:
> |>  | Why would I be denied access to info of files opened by processes
> |>  | running with my uid?
> |>  | This is a bug.
> |>  |
> |>  | To wit:
> |>  | COMMAND     PID   TID    USER   FD      TYPE     DEVICE  SIZE/OFF
> |>  | NODE NAME
> |>  | gnome-key  1707            jd  cwd   unknown
> |>  | /proc/1707/cwd (readlink: Permission denied)
> |>
> |>  What do:
> |>
> |>     ls -ld /proc/1707
> |>     ls -la /proc/1707
> |>
> |>  show? Adjust for your running system, of course.
> |>
> |>  Maybe /proc itself has exciting new permissions.
> |>  Maybe lsof has exciting new setgidness or something.
> |>  Or SELinux hates you.
> |>
> |>  BTW, _does_ this work as root? Just for info.
> |>
> |>  Cheers,
> | Yes it does work for root.
> | So, my question still remains that a process
> | that opens files/devices/dirs....etc,
> | having  user X's uid/gid for credentials, can open these
> | resources, yet lsof, invoked by same user X, belches out
> | Permission denied.
> | How were such resources opened using X's credentials
> | in the first place, if user X has no permission to read the link?
>
> Sigh. Which is why I asked you to run some ls commands, to _inspect_ the
> permissions. What do they show?

I know what you are driving at.
So what there are entries there that are root owned,
and some of them have root only access perms:
-r-------- 1 root root 0 May 23 11:48 auxv
--w------- 1 root root 0 May 23 11:48 clear_refs
-r-------- 1 root root 0 May 23 11:48 environ
dr-x------ 2 root root 0 May 23 11:20 fd/
dr-x------ 2 root root 0 May 23 11:48 fdinfo/
-r-------- 1 root root 0 May 23 11:48 io
-rw------- 1 root root 0 May 23 11:48 mem
-r-------- 1 root root 0 May 23 11:48 mountstats

My question is: how were they opened by a process
that has no root perms in the first place?

The process' running program has no suid perm:

-rwxr-xr-x 1 root root 1013268 Jan 18 03:28 /usr/bin/gnome-keyring-daemon


So, if these resources are accessible to this process,
how did this process, which has no root privs,
gain access to these resources which are accessible only
to root user?


