It turned out that /usr/bin/sudo is using /proc/self/fd/ for closing already
opened files. I made a simple demo program that can reproduce this regression.
---------- test.c start ----------
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <dirent.h>
#include <string.h>

/* Open /proc/self/exe read-only a few times and report every
 * /proc/self/fd/N symlink whose owner permission bits are rwx. */
static void opentest(void)
{
	FILE *fp = fopen("/dev/tty", "a");
	int i;
	char buffer[1024];

	memset(buffer, 0, sizeof(buffer));
	for (i = 0; i < 5; i++) {
		struct stat buf;
		int fd = open("/proc/self/exe", O_RDONLY);

		if (fd == EOF)
			break;
		snprintf(buffer, sizeof(buffer) - 1, "/proc/self/fd/%u", fd);
		if (lstat(buffer, &buf))
			continue;
		if ((buf.st_mode & 0700) == 0700) {
			char buffer2[1024];

			memset(buffer2, 0, sizeof(buffer2));
			readlink(buffer, buffer2, sizeof(buffer2) - 1);
			fprintf(fp, "%s -> %s \n", buffer, buffer2);
		}
	}
}

int main(int argc, char *argv[])
{
	/* With any argument: close descriptors by walking /proc/self/fd. */
	DIR *dirp = (argc > 1) ? opendir("/proc/self/fd") : NULL;

	if (dirp) {
		struct dirent *dent;

		fprintf(stderr, "closefrom with /proc/self/fd/\n");
		while ((dent = readdir(dirp)) != NULL) {
			int fd;

			if (sscanf(dent->d_name, "%u", &fd) == 1 &&
			    fd != dirfd(dirp))
				close(fd);
		}
		closedir(dirp);
	} else {
		int fd;

		/* Without arguments: close descriptors 0..1023 blindly. */
		fprintf(stderr, "closefrom without /proc/self/fd/\n");
		for (fd = 0; fd < 1024; fd++)
			close(fd);
	}
	opentest();
	return 0;
}
---------- test.c end ----------
[root@ccsecurity tmp]# ./a.out 1
closefrom with /proc/self/fd/
/proc/self/fd/1 -> /tmp/a.out
/proc/self/fd/2 -> /tmp/a.out
[root@ccsecurity tmp]# ./a.out
closefrom without /proc/self/fd/
[root@ccsecurity tmp]#
I tried on three kernels.
2.6.18-308.4.1.el5 : OK
2.6.26-2-686 (2.6.26-26lenny4) : NG
2.6.32-220.17.1.el6 : NG
This regression seems to be introduced between 2.6.19 and 2.6.26.
This regression seems to involve opendir()/closedir() usage.
Regards.