Question

I had a requirement to spawn a process as root and then drop its privileges to a non-root user. To implement this, I used setbit for the binary and changed the owner to root. Then I spawned the process as a non-root user, and initially it started as root; after doing the necessary task I used the setuid(getuid()) call to drop its privileges to the non-root user. What happens is that the owner:group of all the files at the location /proc/(pid)/ remains root:root. Because of this, the threads spawned by my process (after dropping privileges) get access denied on /proc/(pid)/exe. Does anyone have any idea why setuid doesn't set the owner:group of the files at /proc/(pid)?


Solution

Under Linux, if a process was set-id when it started, or if the user has permission to execute the binary but not read it, and possibly under some other condition as well, a "dumpable" flag is cleared inside the kernel. For security reasons, this flag prevents a few things: it disallows core dumps (a core dump might leak privileged information), prevents normal users from attaching a debugger, and restricts access to most of the files in /proc/<pid> for that process.

Once cleared, that flag cannot be set again, even if the process drops privileges.

(Actually, there is a system call prctl(PR_SET_DUMPABLE) that can change the value of the flag but I believe the system call is not meant for general use.)

More importantly, I wonder what you are doing in your program that depends on /proc/<pid>/exe or other files in /proc/<pid> being readable/openable.
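The root:root ownership described above follows the dumpable flag, so it can be observed without a set-uid binary. The C program below is an added example, not code from the question or the answer; `proc_exe_owner` and `toggle_dumpable` are hypothetical helper names, and it assumes Linux with /proc mounted.

```c
/* Added example: watch the owner of /proc/self/exe follow the dumpable flag. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct dump_report {
    int   flag_cleared;    /* PR_GET_DUMPABLE right after clearing the flag */
    uid_t owner_cleared;   /* owner of /proc/self/exe while the flag is clear */
    int   flag_restored;   /* PR_GET_DUMPABLE after setting the flag again */
    uid_t owner_restored;  /* owner of /proc/self/exe afterwards */
};

/* Owner uid of the /proc/self/exe symlink itself, or (uid_t)-1 on error. */
static uid_t proc_exe_owner(void)
{
    struct stat st;
    return lstat("/proc/self/exe", &st) == 0 ? st.st_uid : (uid_t)-1;
}

/* Hypothetical helper: put the process in the state a set-id exec leaves
 * behind (dumpable = 0), record what /proc shows, then re-enable the flag
 * with prctl(PR_SET_DUMPABLE, 1) and record it again. */
struct dump_report toggle_dumpable(void)
{
    struct dump_report r;

    prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
    r.flag_cleared  = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    r.owner_cleared = proc_exe_owner();

    prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
    r.flag_restored  = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    r.owner_restored = proc_exe_owner();
    return r;
}

int main(void)
{
    struct dump_report r = toggle_dumpable();
    printf("euid=%ld\n", (long)geteuid());
    printf("dumpable=%d owner=%ld\n", r.flag_cleared, (long)r.owner_cleared);
    printf("dumpable=%d owner=%ld\n", r.flag_restored, (long)r.owner_restored);
    return 0;
}
```

In a set-uid program the `PR_SET_DUMPABLE, 1` call would go after `setuid(getuid())`, because the kernel resets the flag when the effective UID changes. Secrets read while privileged should be wiped from memory first, since a dumpable process can again produce core dumps and be attached to by a debugger running as the same user.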

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow