Bug 141108 - futimes() fails after setuid()
Summary: futimes() fails after setuid()
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-29 10:45 UTC by Oskari Saarenmaa
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-11-29 13:19:04 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Oskari Saarenmaa 2004-11-29 10:45:30 UTC 
Description of problem:
It appears that setuid() does not change the ownership of files under
/proc/self.  I am not sure whether or not it should do that, but since
futimes() is implemented as a call to utimes() on /proc/[pid]/fd/[fd]
on Linux, and that symlink is owned by root (or whoever we were before
setuid), the calls always fail in applications that have switched uids.

Version-Release number of selected component (if applicable):
glibc-2.3.3-74

How reproducible:
Always

Steps to Reproduce:
1. setuid() to another user
2. attempt to futimes() a fd
    
Actual Results:  futimes() fails with EACCES

Expected Results:  futimes() succeeds, changing the times on the
target file
Comment 1 Jakub Jelinek 2004-11-29 13:19:04 UTC 
At least as long as futimes is implemented using utimes on /proc/<pid>/fd/<N>
(there is no other way ATM to do that from userland), that is expected behaviour.
If you setuid to another user, you make the task non-dumpable, therefore
/proc/<pid>/fd must not be visible to anybody but superuser.  That is necessary
for security reasons.
Note You need to log in before you can comment on or make changes to this bug.