Bug 18358

Summary: /proc process directories don't have a "file" entry
Product: Base System
Reporter: ji <ji>
Component: kern
Assignee: Brian Feldman <green>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-RELEASE   
Hardware: Any   
OS: Any   

Description ji 2000-05-03 03:30:01 UTC
/proc file system directories don't have a "file" link.

Fix: 

???
How-To-Repeat: 
ls -l /proc/*/file
ls: /proc/*/file: No such file or directory
Comment 1 dwmalone 2000-05-04 13:28:04 UTC
The implementation of /proc/file was found to be a security problem,
as it exposed suid binaries to the world, which might not otherwise
have been visible.

This has been replaced in 5.0 (I think by Brian Feldman?) with an
implementation more like the one used in Linux, which uses a symlink
to the binary and so doesn't expose suid binaries. I guess this
will be backported to 4.X before 4.1 will be released.

Maybe this PR could be given to Brian to remind him to MFC when
the code is ready?

	David.
Comment 2 Sheldon Hearn freebsd_committer freebsd_triage 2000-05-04 16:40:07 UTC
Responsible Changed
From-To: freebsd-bugs->green

Reminder for Brian to backport the more secure symlink ``file'' node 
to RELENG_4. 
Comment 3 Brian Feldman freebsd_committer freebsd_triage 2001-11-28 19:42:50 UTC
State Changed
From-To: open->closed

This is in both -CURRENT and -STABLE. My only qualm is there is a race 
if the file has permission to be hardlinked to by a user, which can be 
solved by storing the original directory vnode used to get the textvp 
for the process. Then, the only possible insecurity would be someone who 
already had valid permissions modifying the paths (which they could do 
to screw things up anyway, without proc/foo/file).