can a process modify these proc filesystem informations?

Martin MAURER (martin.maurer@email.de)
11 Jun 2003 11:06:35 +0200


Hi all,

Please CC me in your replies. (not subscribed to the list)

I am developing a firewall application[1], that filters connections
(besides other information) on the process which is sending/receiving
the packets. To get the corresponding process name I use the following
method:
1.) I get the ip/port from ip_queue
2.) I search for the inode in /proc/sys/tcp[udp]
3.) I search in /proc/xxx/fd/ for the inode
4.) I get the executable name by examining /proc/xxx/fd/exe
xxx being all pids in /proc

I just wanted to know if it is possible for a non-root process to
modify:
- /proc/PID/exe
- /proc/PID/fd
- /proc/sys/tcp

i.e.: Is the information I get this way reliable or can it be faked?

greetings
Martin Maurer

[1] http://fireflier.sf.net
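
The socket-to-process lookup described in the message, as an added example that is not part of the original post or of the FireFlier code. It parses a table in the layout of /proc/net/tcp (the file where Linux lists TCP sockets and their inodes) and scans a /proc-like tree for the inode; `SAMPLE_TCP`, `build_fake_proc`, and all pids, inodes and executable paths are constructed, and the address decoding assumes a little-endian host. It returns every pid holding the inode, because one socket can be open in several processes (for example after fork), so a single name is not always the whole answer.

```python
import os
import socket
import struct
import tempfile

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 54321 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 54400 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); assumes a little-endian host."""
    host, port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(host, 16))), int(port, 16)

def find_inode(tcp_text, local_port):
    """Return (inode, uid) of the socket on local_port, or None."""
    for line in tcp_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 10 and decode_addr(f[1])[1] == local_port:
            return int(f[9]), int(f[7])
    return None

def owners_of(inode, proc_root="/proc"):
    """Return sorted [(pid, exe)] for every process holding socket:[inode]."""
    target, found = "socket:[%d]" % inode, []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
            if target in links:
                found.append((int(pid), os.readlink(os.path.join(proc_root, pid, "exe"))))
        except OSError:  # process exited, or its fd table is not readable by us
            continue
    return sorted(found)

def build_fake_proc(root):
    """Constructed /proc-like tree: pids 4242 and 4243 both hold inode 54321."""
    for pid, exe, inodes in [("4242", "/usr/sbin/httpd", [54321]),
                             ("4243", "/usr/bin/helper", [54321, 54400])]:
        os.makedirs(os.path.join(root, pid, "fd"))
        os.symlink(exe, os.path.join(root, pid, "exe"))
        for n, ino in enumerate(inodes, start=3):
            os.symlink("socket:[%d]" % ino, os.path.join(root, pid, "fd", str(n)))
    return root

if __name__ == "__main__":
    print(find_inode(SAMPLE_TCP, 8080), owners_of(54321, build_fake_proc(tempfile.mkdtemp())))
```

Against a live system, call `owners_of(inode)` with the default `proc_root`; an unprivileged caller only sees the fd tables of its own processes, so the scan needs to run as root to cover every pid.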
