Hi Matt, Matt Johnston wrote: > Not really sure of a good workaround.
You can fchmod() or fchown() the pipe descriptor, with fchown() being more secure. # echo hello | (ls -lL /proc/self/fd/0; sudo -u nobody cat /proc/self/fd/0) prw------- 1 root root 0 May 1 17:06 /proc/self/fd/0 cat: /proc/self/fd/0: Permission denied # echo hello | (chmod a+rw /proc/self/fd/0; ls -lL /proc/self/fd/0; sudo -u nobody cat /proc/self/fd/0) prw-rw-rw- 1 root root 0 May 1 17:05 /proc/self/fd/0 hello # echo hello | (chown nobody: /proc/self/fd/0; ls -lL /proc/self/fd/0; sudo -u nobody cat /proc/self/fd/0) prw------- 1 nobody nogroup 0 May 1 17:06 /proc/self/fd/0 hello Best, - Jamie Matt Johnston wrote: > Hi Szabolcs, > > Ah, that's a bit nasty. I guess the difference is that OpenSSH runs the daemon > as the user, while Dropbear runs as root. > > The procfs manpage mentions the problem. [1]http://man7.org/linux/man-pages/ > man5/proc.5.html > > Note that for file descriptors referring to inodes (pipes and > sockets, see above), those inodes still have permission bits > and ownership information distinct from those of the > /proc/[pid]/fd entry, and that the owner may differ from the > user and group IDs of the process. An unprivileged process > may lack permissions to open them, as in this example: > > $ echo test | sudo -u nobody cat > test > $ echo test | sudo -u nobody cat /proc/self/fd/0 > cat: /proc/self/fd/0: Permission denied > > Not really sure of a good workaround.