Package: linux-image-6.18.10+deb14-amd64
Version: 6.18.10-1
Severity: normal
Dear Maintainer,
I reproduce this on 6.18.10+deb14-amd64 (current nightly d-i),
6.1.0-35-amd64, and 6.7.7-amd64:
$ cat a.c
#include <fcntl.h>
#include <unistd.h>

int main() {
    close(0);
    open("/proc/self/maps", 0);  /* lowest free fd, so this lands on fd 0 */
    char buf[20];
    read(0, buf, sizeof(buf));
    execlp("cat", "cat", (void *)0);
}
$ cc a.c
$ ./a.out
b3000 r--p 00000000 00:8a 816985 /home/nabijaczleweli/uwu/otp/a.out
$ sed -e 's:read://&:' -e s/cat/wc/ a.c > b.c
$ cc b.c
$ ./a.out
0 0 0
You can reproduce this with bash with wc < /proc/self/maps,
which yields 0 0 0 because bash does fork -> open -> exec.
dash does open -> fork -> exec, and it shows dash's maps.
Arguably bash is more correct, except Linux doesn't implement the file
in a useful way (doesn't implement it correctly(?)).
For non-/self/ I tried:
1$ echo $$
1727476
1$ exec sleep inf # after the sleep below
2$ (sleep 10; wc) < /proc/1727476/maps
0 0 0
and
1$ echo $$
1730151
1$ exec sleep inf # after the sleep below
2$ (head -c 32; sleep 10; wc) < /proc/1730151/maps
55cf54298000-55cf542c7000 r--p 0      1       4      55
which replicates this directly.
(read()ing a /proc/$pid/maps fd after $pid does exist returns ESRCH,
which is as-expected I think.)
Best,
-- System Information:
Debian Release: 12.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500,
'oldstable-debug'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-35-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND,
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
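
Added example (not part of the original report and not the reporter's code): the a.c / b.c experiment above folded into one function that returns how many bytes an exec'd cat can still read from a /proc/self/maps descriptor opened before the exec. The function name maps_bytes_after_exec and the pipe used to count the output are assumptions of this example; on the kernels the report lists, the first call corresponds to the "0 0 0" case and the second to the partial first line.

```c
/* Added example, not from the report: count what survives on a
 * /proc/self/maps fd across execve(). Names here are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns the number of bytes the exec'd cat(1) read from the inherited fd,
 * or -1 on setup failure. preread = bytes consumed before the exec. */
long maps_bytes_after_exec(size_t preread)
{
    int out[2];
    if (pipe(out) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                     /* child: open -> [read] -> exec */
        char buf[64];
        int fd = open("/proc/self/maps", O_RDONLY);
        if (fd < 0 || preread > sizeof(buf))
            _exit(126);
        if (preread && read(fd, buf, preread) != (ssize_t)preread)
            _exit(126);
        if (dup2(fd, 0) < 0 || dup2(out[1], 1) < 0)
            _exit(126);
        close(out[0]);
        close(out[1]);
        execlp("cat", "cat", (char *)0);
        _exit(127);                     /* exec failed */
    }
    close(out[1]);                      /* parent: count what cat emits */
    char buf[4096];
    long total = 0;
    ssize_t n;
    while ((n = read(out[0], buf, sizeof(buf))) > 0)
        total += n;
    close(out[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 ||
        !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return total;
}

int main(void)
{
    printf("nothing read before exec: %ld bytes\n", maps_bytes_after_exec(0));
    printf("20 bytes read before exec: %ld bytes\n", maps_bytes_after_exec(20));
}
```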

