Dear Alejandro Colomar,

I finally wrote a patch against the latest man pages, see file attached.
Hopefully this is in a format that allows you to integrate it well.

Some quick notes:

1. The "make" process aborted with an error, I couldn't use it to
   verify. However, pandoc seems to think my formatting is correct.

2. I still don't know if open("/proc/self/exe") has any internal race
   conditions on rename, like any more regular symlink. My text simply
   assumes it doesn't. Maybe some expert might want to double-check?

3. You can freely use my patch, no attribution needed. However, if
   source info is desired, you can supply "Ellie <el@xxxxxxxxxxx>" for that.

Regards,
Ellie

PS: The error that "make" gave me was this one, in case anybody finds
this useful: "TROFF .tmp/man/man2/s390_sthyi.2.cat.set
troff:.tmp/man/man2/s390_sthyi.2:124: warning [p 2, 1.8i]: cannot adjust
line"

On 12/12/23 9:47 AM, ellie wrote:

Dear Alejandro Colomar,

I hope I'm emailing this to the correct place, I found this contact
information on https://man7.org/mtk/contact.html regarding man page
feedback:

I'm suggesting that the "man 5 proc" page is expanded with a section
clarifying /proc/[pid]/self race conditions, I described details and
even made a text suggestion here:
https://bugzilla.suse.com/show_bug.cgi?id=1216352

(The text suggestion might be wrong, however, since I don't actually
know what the exact technical state of this is.)

Regards,
ellie

diff --git a/man/man5/proc.5 b/man/man5/proc.5
index d3bc28ff0..12d3d06b8 100644
--- a/man/man5/proc.5
+++ b/man/man5/proc.5
@@ -168,7 +168,10 @@ to view the contents of
When a process accesses this magic symbolic link,
it resolves to the process's own
.IR /proc/ pid
-directory.
+directory. For notes on the thread-safety of
+.I /proc/self/exe,
+check
+.BR proc_pid_exe (5).
.TP
.I /proc/thread\-self
When a thread accesses this magic symbolic link,
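Review bot: "thread-safety" in the added sentence mislabels the problem. The section it points to in proc_pid_exe(5) describes a rename race between readlink() and open(), which a single-threaded program hits just as easily, so wording along the lines of "For notes on avoiding a rename race when opening /proc/self/exe, see proc_pid_exe(5)." would match the target text. Two markup points on the same lines: `.I /proc/self/exe,` sets the trailing comma in italics, where `.IR /proc/self/exe ,` keeps the punctuation in roman; and the new sentence begins mid-line after "directory.", whereas starting it on its own source line would follow the one-sentence-per-line layout of the surrounding text.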
diff --git a/man/man5/proc_pid_exe.5 b/man/man5/proc_pid_exe.5
index e308677f1..aa8cddd70 100644
--- a/man/man5/proc_pid_exe.5
+++ b/man/man5/proc_pid_exe.5
@@ -55,5 +55,22 @@ MFM, etc. drives) minor 01 (first partition on the first drive).
with the
.I \-inum
option can be used to locate the file.
+.SS Safely using proc/self/exe
+There is a common programming mistake of first using
+.IR readlink("/proc/self/exe")
+to obtain a program's own binary, and then using
+.IR open()
+on the resulting path string. In many scenarios this is unsafe, since
+between the two calls the binary may be renamed and then
+.IR open()
+would access an unrelated file.
+.P
+To avoid this pitfall, directly use
+.IR open("/proc/self/exe")
+without obtaining the filesystem path first. Since
+.IR /proc/self/exe
+is special and not a regular symlink, this opens the file directly
+without ever involving the filesystem path. This avoids any race
+conditions.
.SH SEE ALSO
.BR proc (5)
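Review bot: The closing sentences state "this opens the file directly without ever involving the filesystem path" and "This avoids any race conditions" as fact, while the cover letter says the text only assumes open("/proc/self/exe") has no internal race on rename. That assumption should be confirmed before the text is merged, or the claim narrowed to the readlink-then-open race that the first paragraph actually describes. Smaller points in the same hunk: the `.SS` heading reads "proc/self/exe" without the leading slash; `.IR readlink("/proc/self/exe")`, `.IR open()` and `.IR /proc/self/exe` each pass a single argument to an alternating-font macro, where `.BR readlink (2)` and `.BR open (2)` are the usual form for system calls and `.I /proc/self/exe` for the path; and several sentences begin mid-line ("on the resulting path string. In many scenarios ...") rather than on their own source lines.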