From patchwork Wed Jan 29 00:17:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrii Nakryiko X-Patchwork-Id: 13953373 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC18AC0218D for ; Wed, 29 Jan 2025 00:17:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1219C28025B; Tue, 28 Jan 2025 19:17:58 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0D39428025A; Tue, 28 Jan 2025 19:17:58 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F035E28025B; Tue, 28 Jan 2025 19:17:57 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id D0E4E28025A for ; Tue, 28 Jan 2025 19:17:57 -0500 (EST) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 7FB671A062A for ; Wed, 29 Jan 2025 00:17:57 +0000 (UTC) X-FDA: 83058576594.14.8902AE6 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id 00CB18000C for ; Wed, 29 Jan 2025 00:17:55 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XMQr51eX; spf=pass (imf02.hostedemail.com: domain of andrii@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=andrii@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1738109876; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=a1Nxhi8pk0Shxh+4fVpvRDBunuuq2h0faw5jAfB2uK0=; b=QOwXrfOvLevqqerEUdQQNTK75U3asvv8t3Zegks48g+IveEmdcpvhCWEYskv03Q3OneSrp dtGZmNkVAfRv6Tk7G/naEzVoWiKdk08i4LImjmI4psbmXs6k9SvWUwMrrRYYSTkBllT3Ie +xRklKgcsas8Qba/m2ovFU6wcFH9FK8= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XMQr51eX; spf=pass (imf02.hostedemail.com: domain of andrii@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=andrii@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738109876; a=rsa-sha256; cv=none; b=5GgzogdBZc0w21pronX2Z+0e0APVdVPELKi3ConzBpy2a1IRB8RGfNYeAhRdLG6Yozddlm 9CgcCTcAGfx2Vvia36keGDu1Qkm47YOFopOia7M/4SJGJDYy9HRHW1SNsODl03feERoRUU BINwPFp6AujXIySKbrB7fz9qOMg7gus= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id D59D05C0543; Wed, 29 Jan 2025 00:17:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7FF80C4CED3; Wed, 29 Jan 2025 00:17:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738109874; bh=rhcPxDE/hGrU4tf9/2EyzDn71kVa3O0+HXsB6rQX/xg=; h=From:To:Cc:Subject:Date:From; b=XMQr51eXkbgeqEBNx86SM3BNnHtKhdZ+DwW0CQw3KFQaBJU4p+Xa/y4x+vBGlceeM J8T/UOk/6HEc6WyfirILBWGMo/CidLMIuS/xexztcRoWWEtQNmQUHwRfVNuGJ6c2mk ebLST4lm8SjTzlGN5/d4TE5OW1pnRPVn1+L1VCOelReXoCWC+tPyLieXsFo1soWERW rBy6NjICdHHW8f6yVqVzWn8fgdhOpd/1YZQbmzOEYoz7YgvuKb8GrCiqBLsb130PUe MJXcGsFpKLnYoOd6jUFngLM5O+hh5dVbLmGpqzVg68ot6KJamoPW9CRdVpFjkk7T1p JtL10Th6zOpwA== From: Andrii Nakryiko To: linux-mm@kvack.org, akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, brauner@kernel.org, viro@zeniv.linux.org.uk Cc: linux-kernel@vger.kernel.org, bpf@vger.kernel.org, kernel-team@meta.com, rostedt@goodmis.org, peterz@infradead.org, mingo@kernel.org, linux-trace-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, shakeel.butt@linux.dev, rppt@kernel.org, liam.howlett@oracle.com, surenb@google.com, kees@kernel.org, jannh@google.com, Andrii Nakryiko Subject: [PATCH] docs,procfs: document /proc/PID/* access permission checks Date: Tue, 28 Jan 2025 16:17:47 -0800 Message-ID: <20250129001747.759990-1-andrii@kernel.org> X-Mailer: git-send-email 2.43.5 MIME-Version: 1.0 X-Rspamd-Queue-Id: 00CB18000C X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: 7y4gruniptexo5hpjoidcd93q3jjd8cm X-HE-Tag: 1738109875-146110 X-HE-Meta: U2FsdGVkX189GedlkHS0M/6/sX4KPKtFgxK9NVbJN4gxvqbf6HE4zfhCpnhNf3v2rXUEPEVvllONCguo6cfotATtnytVg/Gli72qiUiHups2orACdyIW73aEsK1ExKChHDKpPtlBbA0Toz5FNcgvIXOFHszAL/TrVue94o09XdWcK1gEemsVlMj0XaDgpfnYhAwOOIbDUKvO308OpQ8hlp9+Y63+B9af52lUzyHSgY+BTD+y4qbT6Csf/tFuxUGGtXS4xYs0scjDCdUddVmdRnJ/K+lRl8L2ksFKEuONa9QSX2Iegv9kSffZMOEtnZhJNKad5pgTQOsAqGXPKVzGxSipNmC+FMfeLgzgsvVJ5J4x/gLhgxS2l4o8HANpKmH7blOUEaZ4j8/3Yt6f2zKROAj6++KxjBIH8iy/LqsjVDSV4UM+QzsNmgRwZqlJ/Vb47Sec48hApSc6h1Od5kzhK60EwEdJB931COxxtCMVedXG6DFr9nyxqJ9awK4S3LM7n6uuNmfaAHkyGfMervDZRwV83d1Fv0olAshY8mRajOelfeP9Knd/RwPTtxBTT6qi+lsB7hqxQ+Y/6Li96MTg84orLK88U0kTn1GPLEUDBqKHrShpu5olqn6LgXTeI+3vSBkuwm8M/C4ZdWCv1oiYg/F1AZAlqKgPgymJRIxHGTiVVnhCeKvKjCLzbyFJc4b0+BlPjCRW+Ey6uYzNVVhtS+8zoZqZJ/XiSrrL3wilwLVfTq4KE4/7DPr9l8BOkhoIjUuNIBbhIghOPE6zxQJYiLWVfRQ96ZeH6PGebPjOx+5HurRf/Np6SeQuypgILCqBxq39+xp+GV+ewsCFAyTqCQFjepRdGUtq2g/gD35HOyFrbgN4ycUSd+NwMKnd7aSPieaVhcEy5uVMaKDHtyYVSjSmz9fcgN77diwNf6D/8stiPe91E7wPlJD++a20z0QPiE4OFQaBzyDmvblXCOl 66HsV59X kfsC5QkHMy7yBZkivAlEoDqS9nbo4eD/KtSbhNmGtrbVdVTPuQCLOhMMXXQxSXdgQIBuwl+tdvFYRZ9zebIDY7FM7R/VuqU5nybRp3auzewmuzpS8OLUeofuG+T7aSpRcs5Zjw90pSh0fJBVZKqG8vti78eEoQiYcWcvSMzvL1zm75QW9PhhVfxS5PCYB+IkIbyoSIryxbs5/YVHJalCd16tc7Jx5XfsPlm4+JkGkpOJZqA4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a paragraph explaining what sort of capabilities a process would need to read procfs data for some other process. Also mention that reading data for its own process doesn't require any extra permissions. Signed-off-by: Andrii Nakryiko Reviewed-by: Shakeel Butt --- Documentation/filesystems/proc.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 09f0aed5a08b..0e7825bb1e3a 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -128,6 +128,16 @@ process running on the system, which is named after the process ID (PID). The link 'self' points to the process reading the file system. Each process subdirectory has the entries listed in Table 1-1. +A process can read its own information from /proc/PID/* with no extra +permissions. When reading /proc/PID/* information for other processes, reading +process is required to have either CAP_SYS_PTRACE capability with +PTRACE_MODE_READ access permissions, or, alternatively, CAP_PERFMON +capability. This applies to all read-only information like `maps`, `environ`, +`pagemap`, etc. The only exception is `mem` file due to its read-write nature, +which requires CAP_SYS_PTRACE capabilities with more elevated +PTRACE_MODE_ATTACH permissions; CAP_PERFMON capability does not grant access +to /proc/PID/mem for other processes. + Note that an open file descriptor to /proc/ or to any of its contained files or subdirectories does not prevent being reused for some other process in the event that exits. Operations on