Red Hat Bugzilla – Bug 141108
futimes() fails after setuid()
Last modified: 2007-11-30 17:10:55 EST
Description of problem:
It appears that setuid() does not change the ownership of files under
/proc/self. I am not sure whether or not it should do that, but since
futimes() is implemented as a call to utimes() on /proc/[pid]/fd/[fd]
on Linux, and that symlink is owned by root (or whoever we were before
setuid), the calls always fail in applications that have switched uids.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. setuid() to another user
2. attempt to futimes() a fd
Actual Results: futimes() fails with EACCES
Expected Results: futimes() succeeds, changing the times on the
At least as long as futimes is implemented using utimes on /proc/<pid>/fd/<N>
(there is no other way ATM to do that from userland), that is expected behaviour.
If you setuid to another user, you make the task non-dumpable, therefore
/proc/<pid>/fd must not be visible to anybody but superuser. That is necessary
for security reasons.