This has nothing to do with foreground and background processes; it only has to do with the currently running process. When the kernel has to answer the question “What does /proc/self point to?”, it simply picks the currently-scheduled pid, i.e. the currently running process (on the current logical CPU). The effect is that /proc/self always points to the asking program's pid; if you run

ls -l /proc/self

you'll see ls's pid, if you write code which uses /proc/self that code will see its own pid, etc.

Answer from Stephen Kitt on Stack Exchange
🌐
Linux Man Pages
man7.org › linux › man-pages › man5 › proc.5.html
proc(5) - Linux manual page
When a process accesses this magic symbolic link, it resolves to the process's own /proc/pid directory. /proc/thread-self See proc_thread-self(5). When a thread accesses this magic symbolic link, it resolves to the process's own /proc/self/task/tid directory.
Discussions

linux - what's the difference between /proc/self and /proc/$$? - Stack Overflow
I used to think that /proc/self and /proc/$$ are the same in bash terminal, but now I find they are different. I know $$ means the current process' pid, and /proc/self is the currently running pro... More on stackoverflow.com
🌐 stackoverflow.com
linux - What does 'self' mean in /proc? - Unix & Linux Stack Exchange
In this question: What is the file descriptor 3 assigned by default? is used /proc/self/fd, which dereference to /proc/32157/fd. So it is pid? And why cannot I echo $self? I have never seen self be... More on unix.stackexchange.com
🌐 unix.stackexchange.com
A cool trick with /proc/self/fd
tl;dr /proc/self/fd/1 points to a process' standard output. You can use this to trick programs into printing to the terminal instead of files. And stuff. More on reddit.com
🌐 r/linux
9
20
April 12, 2014
process - How is /proc/self implemented in Linux? - Unix & Linux Stack Exchange
I was tinkering around with the /proc filesystem in Linux, and I came across /proc/self, which is a symbolic link to the process directory of the current process. I would like to know how it is More on unix.stackexchange.com
🌐 unix.stackexchange.com
March 14, 2012
🌐
Reddit
reddit.com › r/linuxmint › why is nethogs showing /proc/self/exe when being run with sudo privileges? (and other questions.)
r/linuxmint on Reddit: Why is nethogs showing /proc/self/exe when being run with Sudo privileges? (And other questions.)
October 23, 2025 -

Sorry for the bad pic. The covered text is my first name lol.

For reference, this is on a nearly fresh install of Linux Mint. All I've installed at this point is steam (from their website), nethogs (from the software manager) and ClamAV, its dependencies, as well as ClamTK (also all from the software manager.) ClamAV doesn't seem to be working for some reason, so I can't scan for viruses right now, so this weird process has me paranoid.

Anyways, to my understanding, something only shows up like this when nethogs isn't run with sudo privileges... but I am running it with such privileges. I occasionally see it send and receive tiny amounts of data (like, 0.020 KB/sec). Could I have somehow been infected by a virus, or is this just nothing to worry about?

Also, for the "unknown TCP" thing... I've only seen it send and receive data once, for a fraction of a second (it was also a very tiny amount. About 0.020 KB/sec.). From what I've gathered by looking it up online, this normally shows up in nethogs. I just wanted to confirm that, as well.

Sorry if this sounds like unhinged rambling. This whole thing has me quite paranoid. Plus, I'm a total noob to Linux, so there's a lot of things I don't understand very well, if at all.

🌐
Medium
medium.com › @zoningxtr › unlocking-the-power-of-proc-self-fd-in-linux-from-basics-to-exploits-and-prevention-f58d2202b129
🔍💥 Unlocking the Power of /proc/self/fd/ in Linux: From Basics to Exploits and Prevention 💣🔐 | by Zoningxtr | Medium
August 16, 2025 - It holds file descriptors for processes, offering insights into open files, sockets, and streams. While it’s a legitimate feature for debugging and system management, attackers have also found creative ways to abuse it for exploitation.
🌐
The Linux Kernel
docs.kernel.org › filesystems › proc.html
The /proc Filesystem — The Linux Kernel documentation
The directory /proc contains (among other things) one subdirectory for each process running on the system, which is named after the process ID (PID). The link ‘self’ points to the process reading the file system.
Find elsewhere
🌐
Linux Man Pages
linux.die.net › man › 5 › proc
proc(5): process info pseudo-file system - Linux man page
Before kernel 2.4.19, this file was a list of all the file systems currently mounted on the system. With the introduction of per-process mount namespaces in Linux 2.4.19, this file became a link to /proc/self/mounts, which lists the mount points of the process's own mount namespace.
🌐
Clever Uptime
cleveruptime.com › docs › files › proc-self
/proc/self: Explanation & Insights - CleverUptime
In a Unix-like operating system, /proc is a virtual filesystem that provides a way to access information about processes and the system itself. The /proc/self directory is a symbolic link that refers to the process directory of the current process.
🌐
Substack
fernandovillalba.substack.com › the personable engineer › a journey into the linux proc filesystem
A journey into the Linux proc filesystem
March 17, 2024 - /proc/self —> /proc/[process-accessing-id] (self will dynamically change location to point to the pid of the process accessing it)
🌐
Reddit
reddit.com › r/linux › a cool trick with /proc/self/fd
r/linux on Reddit: A cool trick with /proc/self/fd
April 12, 2014 - tl;dr /proc/self/fd/1 points to a process' standard output. You can use this to trick programs into printing to the terminal instead of files.
🌐
LWN.net
lwn.net › Articles › 920384
Hiding a process's executable from itself [LWN.net]
Specifically, the attack opens the runc process's /proc/self/exe file, creating a read-only file descriptor — inside the container — for the target binary, which lives outside that container. Once runc exits, the attacker is able to reopen that file descriptor for write access; that descriptor can subsequently be used to overwrite the runc binary.
🌐
Github
xen0vas.github.io › Exploiting-the-LFI-vulnerability-using-the-proc-self-stat-method
Exploiting the LFI vulnerability using the /proc/self/stat method | xen0vas.github.io
August 15, 2018 - In a nutshell, when a process is created and has an open file handler then a file descriptor will point to that requested file. As Apache is requesting this file (via the LFI vulnerability) and since the file is located inside Apache’s proc directory, we can use /proc/self instead of searching for Apache’s PID.
🌐
offlinemark
offlinemark.com › home › linux internals: how /proc/self/mem writes to unwritable memory
Linux Internals: How /proc/self/mem writes to unwritable memory - offlinemark
January 24, 2024 - This uses /proc/self/mem to write to two unwritable memory pages. The first is a read-only page that the code itself maps.