Hi Stéphane - Tavis pointed out[1] two additional issues with the patch in comment #2.
1) The owner of the /proc/PID directory is controllable by executing a setuid binary. You'll have to check the real UID of the process. That's doable by parsing /proc/PID/status. The real UID is the first UID in the Uid: row.
2) There's a race between getting the ppid and changing into the /proc/ppid/ directory and the ppid could be recycled. It is best if you call get_ppid() again, after the chdir(), and verify that the ppid hasn't changed (meaning that it has been recycled).
Hi Stéphane - Tavis pointed out[1] two additional issues with the patch in comment #2.
1) The owner of the /proc/PID directory is controllable by executing a setuid binary. You'll have to check the real UID of the process. That's doable by parsing /proc/PID/status. The real UID is the first UID in the Uid: row.
2) There's a race between getting the ppid and changing into the /proc/ppid/ directory and the ppid could be recycled. It is best if you call get_ppid() again, after the chdir(), and verify that the ppid hasn't changed (meaning that it has been recycled).
[1] http:// www.openwall. com/lists/ oss-security/ 2015/04/ 15/11