Date:      Fri, 08 May 2020 15:43:13 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 246311] [patch] procstat can't view current working directory (affects xfce4-terminal, linprocfs, ...)
Message-ID:  <bug-246311-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246311

            Bug ID: 246311
           Summary: [patch] procstat can't view current working directory
                    (affects xfce4-terminal, linprocfs, ...)
           Product: Base System
           Version: 12.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: damjan.jov@gmail.com

Created attachment 214280
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=214280&action=edit
Decrease the procstat fd access restriction to PGET_CANSEE

Currently "procstat fd [pid]" cannot view anything, even for other processes
owned by the user making the call, not even their current working directory
(CWD), unless it has PGET_CANDEBUG permission.

linprocfs however allows reading the CWD for any process because it doesn't
perform that check (sys/compat/linprocfs/linprocfs.c, function
linprocfs_doproccwd()).

Applications use this, e.g. xfce4-terminal relies on
/compat/linux/proc/<pid>/cwd to find the shell's CWD, so that when you open a
new tab, it starts in the same CWD as the tab you opened it from
(https://github.com/xfce-mirror/xfce4-terminal/blob/master/terminal/terminal-screen.c#L2343).
I would like to patch xfce4-terminal to use libprocstat for that instead of
needing linprocfs to be mounted, but since procstat is more restrictive, it
will break it.

Can we please downgrade PGET_CANDEBUG to at least PGET_CANSEE, so you can view
the CWD for processes you own? Maybe other open files still need to be hidden,
but the CWD doesn't seem like a major security concern.

Linux's own /proc filesystem never hides the CWD (lrwxrwxrwx), and only hides
file descriptors for processes you don't own.

The attached patch decreases the access restriction to PGET_CANSEE, and works
as intended in my tests.
