Item #: SCP-PJIN-009-J
Object Class: Euclid
Special Containment Procedures
The Foundation is investigating whether SCP-PJIN-009-J could be used as a "portal" to view temporary files in "Docker" containers, in a way that would otherwise be inaccessible from the normal root filesystem.
A new system call,
openat2, with a
RESOLVE_NO_M████LINKS flag has been introduced into recent (5.6+) versions of the Linux kernel, which should protect programs against SCP-PJIN-009-J without affecting any other symbolic links.
SCP-PJIN-009-J is a symbolic link (symlink) located at
/proc/████/root on the Linux filesystem. SCP-PJIN-009-J usually appears as a normal symbolic link that points to "/", or the root directory of the filesystem. However, viewing this symlink with
ls reveals a different filesystem view than the actual root filesystem. For example, some files may be missing, there may be extra files, especially in directories that are normally short-lived (such as
In addition, in one attempt to access SCP-PJIN-009-J, a completely different filesystem layout was seen. For example, normally, one would expect to see "/bin", "/boot", etc. in the root filesystem. However, the root filesystem as viewed through SCP-PJIN-009-J did not have any of those directories, instead only seeing "/proc", "/stuff", and [DATA EXPUNGED].
SCP-PJIN-009-J also differs from a normal symbolic link in that attempts to access it from a process whose effective user ID is anything other than 0 or ███ result in a "Permission denied" error. In addition, all attempts to bind mount SCP-PJIN-009-J to another part of the filesystem, even as root, have failed.
SCP-PJIN-009-J was discovered by D-████, when he was experimenting with the "Docker" container software. Testing revealed that this "Docker" software used system calls like un█████ and set██, which resulted in SCP-PJIN-009-J's anomalous behavior.
SCP-PJIN-009-J-1 is the
/proc/████/fd/█ symbolic link on the Linux filesystem.
- https://man7.org/linux/man-pages/man5/proc.5.html (see the description of
- https://man7.org/linux/man-pages/man2/openat2.2.html (see the description of