3

I had the requirement of spawning a process as a root, then dropping its privileges to non-root user, so to implement this i used setbit for the binary and changes the owner to root. then i spawned the process as a non-root user and initially it started as root , after doing necessary task i used setuid(getuid()) call to drop its privileges to non-root user. what happens with this is owner:group of all the files at the location /proc/(pid)/ remains root:root. due to which the threads which are spawned by my process (after dropping privileges) . Do have accesss denied in /proc/(pid)/exe. anyone having any idea why the setuid doesn't set the owner:group at files location /proc/(pid)?

moongoal
  • 2,847
  • 22
  • 23
Abhishek Chandel
  • 1,294
  • 2
  • 13
  • 19

1 Answers1

3

Under Linux, if a process was set-id when it started, or if the user has permission to execute the binary but not read it, and possibly under some other condition as well, a "dumpable" flag is cleared inside the kernel. For security reasons, this flag prevents a few things: it disallows core dumps (a core dump might leak privileged information), prevents normal users from attaching a debugger, and restricts access to most of the files in /proc/<pid> for that process.

Once cleared, that flag cannot be set again, even if the process drops privileged.

(Actually, there is a system call prctl(PR_SET_DUMPABLE) that can change the value of the flag but I believe the system call is not meant for general use.)

More importantly, I wonder what you are doing in your program that depends on /proc/<pid>/exe or other files in /proc/<pid> being readable/openable.

Celada
  • 21,627
  • 4
  • 64
  • 78
  • 1
    actually this process spawns several threads.suppose if have 20 threads spawned using clone, and setuid()(in code flow) occurs after 18 threads are spawned, then rest 2 threads encounter some permission issues with the files stored at /proc/pid. I used prctl(pr_set_dumpable, 1) after setuid() call to have the coredumps generation enabled. I found that use of prctl(pr_set_dumpable, 1) also changes the owner:group of all the files at /proc/(pid) location. which did the things what i wanted. – Abhishek Chandel Jan 21 '12 at 16:44
  • I am not the OP, but have the same problem : my program must bind to a TCP port below 1024 but has not other reason to be root, so I use the setuid(getuid) trick and now, after reading your answer, the prctl(PR_SET_DUMPABLE,1) call, but that's not enough, as I need my process to appear in 'fuser -v" and "lsof" output when run by the same non-root user, and that does not work, because the virtual symbolic links in /proc/PID/fd are still unreadable for that non-root user : readlink fails on them with EACCES (Permission denied) – Philippe De Muyter Apr 19 '18 at 08:11