In message <[EMAIL PROTECTED]> David Malone writes:
: The "file" file was removed from FreeBSD's /proc code (in 4.0 and
: 5.0) because of this, but it is probably important for Linux
: emulation so it can't really be removed from the linprocfs code.
: I guess this probably warrants at least a note in the man page.
File was removed because it was a huge, gaping security hole. It was
effectively hard link to the file in question and circumvented some of
the usual security protections that the file would otherwise be
protected by.
: Linux itself is not subject to this problem because it's exe file
: is a synthetic symlink pointing to the executable, not something
: which returns the executables actual vnode.
And that's why it is still in the tree. A symbolic link doesn't have
the security issues that the hard link has.
: Also, on Linux the
: symlink is only readable by the process' owner. This suggests the
: following possible work around:
: 1) Add a directory /linproc/pid/private which is only
: executable and readable by the process' owner.
: 2) Make the "exe" file in /linproc/pid/ a symlink to
: "./private/exe", which is the file which gives
: you the executables real vnode.
: I think this will give the same behavior as the Linux procfs, and
: expose less suid stuff. It would be necessary to do something very
: like this if we ever have to implement /linproc/pid/fd/xx.
Why bother? No body should be using file/exe at all. It is a useless
misfeature. What actually uses it?
Warner
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
