From: Michael R. <mc...@sa...> - 2004-10-03 17:45:31
>>>>> "BlaisorBlade" == BlaisorBlade <bla...@ya...> writes:

    >> We also continue to have an issue with the /proc/PID/environ file
    >> not being owned by the process involved.

    BlaisorBlade> I'm looking at the permission in your listing and in
    BlaisorBlade> my linux, and I don't see anything strange. Plus, I
    BlaisorBlade> don't understand what you mean with "a file owned by a
    BlaisorBlade> certain process".

    BlaisorBlade> Do you mean "I start the process with uid build and
    BlaisorBlade> /proc/PID/* has uid root while it should have uid
    BlaisorBlade> build"?

Yes.

    BlaisorBlade> If you mean this, the answer is that you seem to be
    BlaisorBlade> starting UML with one id and making it run with
    BlaisorBlade> another UID. At least, I see this permission situation
    BlaisorBlade> with the X Font Server:

No, this is not the case. It runs as "build" and that is all.

The problem is that the use of mm confuses the proc-permission system
into thinking that the process is setuid. I wandered through this last
year, when we first noticed this problem.

This seems to be due to how mm->dumpable is initialized.
(see task_dumpable in fs/proc/base.c)

I tried to change it, but I was not successful. I can dig up my attempts,
but they are on the list.

-- 
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mc...@xe... http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
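
The dependency the message names, between the dumpable flag and who owns the /proc/PID files, can be observed from user space. This is an added example, not code from the thread or from the kernel; it assumes a Linux host with /proc mounted, sets the flag deliberately with prctl(PR_SET_DUMPABLE) rather than reproducing the UML initialization problem, and its function and enum names are illustrative.

```c
/* Added example: who owns /proc/self/environ under each dumpable setting? */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum proc_owner { OWNER_ERROR = -1, OWNER_IS_PROCESS = 0, OWNER_IS_OTHER = 1 };

/* Set the dumpable flag (0 or 1), then compare the file's owner to our euid. */
enum proc_owner environ_owner_with_dumpable(int dumpable, uid_t *owner)
{
    struct stat st;

    if (prctl(PR_SET_DUMPABLE, dumpable, 0, 0, 0) != 0)
        return OWNER_ERROR;
    /* stat() needs no read permission on the file, only lookup in /proc/PID. */
    if (stat("/proc/self/environ", &st) != 0)
        return OWNER_ERROR;
    if (owner)
        *owner = st.st_uid;
    return st.st_uid == geteuid() ? OWNER_IS_PROCESS : OWNER_IS_OTHER;
}

int main(void)
{
    uid_t owner = 0;
    int rc = 0, dumpable;

    for (dumpable = 1; dumpable >= 0; dumpable--) {
        enum proc_owner r = environ_owner_with_dumpable(dumpable, &owner);
        if (r == OWNER_ERROR) {
            perror("environ_owner_with_dumpable");
            rc = 1;
            continue;
        }
        printf("dumpable=%d euid=%lu owner=%lu -> %s\n", dumpable,
               (unsigned long)geteuid(), (unsigned long)owner,
               r == OWNER_IS_PROCESS ? "owned by the process uid"
                                     : "NOT owned by the process uid");
    }
    /* Restore the default so the process can still be debugged or dumped. */
    prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
    return rc;
}
```

Run it as an unprivileged user: as root both rows match, because the fallback owner and the effective uid are the same.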