I want to read the memory map (/proc/PID/maps) of some process without being sudo. And that is trivial, unless the process has capabilities. See what I mean:

If I run:

$ bash
$ cat /proc/$$/maps

This works and I get the output!

But if I run:

sudo setcap "cap_net_raw+p" /bin/bash

And try the test case again:

$ bash
$ cat /proc/$$/maps

I get:

cat: /proc/1151842/maps: Permission denied

I hope this is understandable.

Thanks for your help

1 Answer

The ownership of the files in /proc/ is controlled by the "dumpable" flag inside the Linux kernel, which is used to prevent leaking information from a privileged process to an unprivileged user.

When the process gets capabilities it upgrades into a privileged process and /proc/ is now owned by root.

Answered in: "Losing permissions by adding capability?" and "How to read the /proc/<pid>/fd directory of a process, which has a linux capability?"
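
The "dumpable" flag the answer refers to can be observed directly. The following C program is an added example, not part of the original answer: it assumes a Linux system with /proc mounted, toggles the flag with prctl(PR_SET_DUMPABLE) rather than with file capabilities, and uses a hypothetical helper name, maps_owner_with_dumpable.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the page): set this process's dumpable flag
 * (0 or 1), then stat /proc/self/maps. Stores the file's owner in *owner and
 * returns the flag value the kernel reports afterwards, or -1 on error. */
int maps_owner_with_dumpable(int dumpable, uid_t *owner)
{
    struct stat st;

    if (prctl(PR_SET_DUMPABLE, dumpable, 0, 0, 0) != 0)
        return -1;
    if (stat("/proc/self/maps", &st) != 0)
        return -1;
    *owner = st.st_uid;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

int main(void)
{
    uid_t owner = 0;
    int flag;

    /* Non-dumpable: the state the answer describes for a process that was
     * started from a binary carrying file capabilities. */
    flag = maps_owner_with_dumpable(0, &owner);
    if (flag < 0) { perror("dumpable=0"); return 1; }
    printf("dumpable=%d  /proc/self/maps owner uid=%u\n", flag, (unsigned)owner);

    /* Dumpable again: ownership follows the process's effective uid. */
    flag = maps_owner_with_dumpable(1, &owner);
    if (flag < 0) { perror("dumpable=1"); return 1; }
    printf("dumpable=%d  /proc/self/maps owner uid=%u (euid=%u)\n",
           flag, (unsigned)owner, (unsigned)geteuid());
    return 0;
}
```

Run as an unprivileged user, the first line typically shows owner uid 0 and the second shows your own uid.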