Description of problem:
It appears that setuid() does not change the ownership of files under /proc/self. I am not sure whether or not it should do that, but since futimes() is implemented as a call to utimes() on /proc/[pid]/fd/[fd] on Linux, and that symlink is owned by root (or whoever we were before setuid), the calls always fail in applications that have switched uids.

Version-Release number of selected component (if applicable):
glibc-2.3.3-74

How reproducible:
Always

Steps to Reproduce:
1. setuid() to another user
2. attempt to futimes() a fd

Actual Results:
futimes() fails with EACCES

Expected Results:
futimes() succeeds, changing the times on the target file

At least as long as futimes is implemented using utimes on /proc/<pid>/fd/<N> (there is no other way ATM to do that from userland), that is expected behaviour. If you setuid to another user, you make the task non-dumpable, therefore /proc/<pid>/fd must not be visible to anybody but superuser. That is necessary for security reasons.
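
Added example, not part of the original report or reply: a small C check of the process's dumpable flag and the owner of /proc/self/fd before and after the flag is cleared. It assumes Linux with /proc mounted, and it clears the flag with prctl(PR_SET_DUMPABLE) as a stand-in for a uid-changing setuid() so that it runs without root; the helper names are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Current dumpable flag: 1 = dumpable, 0 = not dumpable, -1 on error. */
int get_dumpable(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

/* Set the flag directly. A uid-changing setuid() clears it as well
 * (with the default fs.suid_dumpable=0); prctl is used here as a
 * stand-in (assumption of this example) so no root is needed. */
int set_dumpable(int on) { return prctl(PR_SET_DUMPABLE, on ? 1 : 0, 0, 0, 0); }

/* Owner uid of /proc/self/fd as reported by stat(); -1 if unavailable. */
long proc_fd_owner(void)
{
    struct stat st;
    if (stat("/proc/self/fd", &st) != 0)
        return -1;
    return (long)st.st_uid;
}

/* Print flag, effective uid and /proc/self/fd owner; returns the flag. */
int report(const char *label)
{
    int d = get_dumpable();
    printf("%-22s dumpable=%d euid=%ld /proc/self/fd owner=%ld\n",
           label, d, (long)geteuid(), proc_fd_owner());
    return d;
}

int main(void)
{
    report("initial:");
    if (set_dumpable(0) != 0) { perror("prctl"); return 1; }
    /* For a non-root caller the owner is expected to change from the
     * caller's uid to root here; user namespaces can map it differently. */
    report("after clearing flag:");
    set_dumpable(1);
    report("after restoring flag:");
    return 0;
}
```

Run as an ordinary user, the owner column is the value to compare across the three lines.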