Q: uid in /proc/net/tcp

Q: uid in /proc/net/tcp

Post by Bernd Striede » Tue, 07 Sep 1999 04:00:00



Hi,

since I'm no kernel hacker I reference the place where the problem
occurs to me.

In /proc/net/tcp sockets representing tcp-connections are listed, and
there is a column which lists the uid.

What are the semantics of this uid?

- Is it the current uid of the process the socket belongs to?
- Is it the uid the process the socket belongs to had when the socket
was created?
- Anything else or more complicated?

Some more theoretically questions:

Are those sockets associated an uid internally to achieve certain
functionality or is this uid just a convenience to the reader of
/proc/net/tcp?

Are there reasons that this uid must be the euid, or could it be the
ruid as well?

Background:

I have in front of me an implementation of the IDENT protocol, RFC 1413,
which reads /proc/net/tcp and returns the uid of this file, although it
might be more reasonable to return the ruid. Often programs with SUID
root cause ident-calls, but somehow one should assume that it is an
implementation detail of those programs that they are SUID root, and the
answers identd returns should be based on the real user. ident-calls are
mostly done by tcp-wrappers.

My problem is that I want to connect via rlogin to a Solaris machine,
but my identd returns to this machine that my rlogin connection belongs
to root. But root is not allowed to rlogin to this machine.

So after all this might indicate a problem in the currently installed
identd.

Regards,

Bernd Strieder.

 
 
 

1. /proc/net/tcp and /proc/net/udp

I'm trying to figure out how to debug these files outputs. I have already
made my own tripwire ids component, I would like to now make a program that
makes certain the kernel isn't patched (i.e.: lkm root kit) and make sure I
can see my program listening on a port from netstat, and this file, I will
also send/recv data but thats not really related to /proc heh. I was just
wondering does someone know where the por is? I get each connection is a
line... and it has a number... but like almost everything is in hex I think
and "man proc" isn't very helpful in telling you what the information in
the files mean. Any help will be appreciated.

2. PORTMAP

3. ipv4: move proc stuff from net/ipv4/af_inet.c to net/ipv4/proc.c

4. mount bug ?

5. /proc/net/route, /proc/net/rt_cach, sysctl ??

6. STT-Mailgate: comp.os.linux.setup

7. Socket Status in /proc/net/tcp

8. 2nc case for HD's

9. /proc/net/tcp

10. TCP/IP, /proc/net, snmp

11. HELP: C structure of /proc/net/tcp

12. "/proc/net/tcp|udp"

13. 2.2 -> 2.4: /proc/net/tcp 10x slower ?