BugTraq
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 23 2009 09:12PM
Dan Yefimov (dan lightwave net ru) (4 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 25 2009 09:46AM
Klaus Lichtenwalder (k lichtenwalder computer org)
Re: /proc filesystem allows bypassing directory permissions onLinux Oct 24 2009 06:47AM
Anton Ivanov (arivanov sigsegv cx) (1 replies)
Re: /proc filesystem allows bypassing directory permissions onLinux Oct 24 2009 04:19PM
Dan Yefimov (dan lightwave net ru) (1 replies)
Re: /proc filesystem allows bypassing directory permissionsonLinux Oct 24 2009 04:59PM
Anton Ivanov (arivanov sigsegv cx) (1 replies)
Re: /proc filesystem allows bypassing directory permissionsonLinux Oct 24 2009 05:39PM
Dan Yefimov (dan lightwave net ru) (1 replies)
Re: /proc filesystem allows bypassing directorypermissionsonLinux Oct 24 2009 06:05PM
Anton Ivanov (anton ivanov kot-begemot co uk) (1 replies)
Re: /proc filesystem allows bypassing directorypermissionsonLinux Oct 24 2009 06:36PM
Dan Yefimov (dan lightwave net ru) (2 replies)
Re: /proc filesystem allows bypassing directorypermissionsonLinux Oct 27 2009 08:59PM
Ivan Jager aij+ (at) mrph (dot) org [email concealed] (aij+ mrph org)
Re: /proc filesystem allows bypassingdirectorypermissionsonLinux Oct 24 2009 07:27PM
Anton Ivanov (anton ivanov kot-begemot co uk) (1 replies)
Re: /proc filesystem allows bypassing directory permissions onLinux Oct 29 2009 11:00AM
Pavel Machek (pavel ucw cz)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 23 2009 10:05PM
Pavel Machek (pavel ucw cz) (2 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 03:30PM
Casper Dik sun com (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 04:16PM
Dan Yefimov (dan lightwave net ru) (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 09:58PM
psz maths usyd edu au (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 27 2009 06:50AM
Marco Verschuur (marco osp nl) (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 27 2009 12:56PM
psz maths usyd edu au (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 27 2009 08:19PM
Marco Verschuur (marco osp nl) (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 28 2009 09:38PM
Pavel Machek (pavel ucw cz) (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Oct 29 2009 04:32PM
Martin Rex (Martin Rex sap com) (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Oct 29 2009 08:36PM
Pavel Machek (pavel ucw cz)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 23 2009 10:21PM
Dan Yefimov (dan lightwave net ru) (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 23 2009 10:39PM
Pavel Machek (pavel ucw cz) (3 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 09:49PM
Glynn Clements (glynn gclements plus com)

Pavel Machek wrote:

> Check it again. There's no race; I check link count before chmod 666.

Which creates a race condition, as the link could be created after the
check but before the chmod.

You can't safely rely upon directory permissions if the directory was
created 0777 then chmod'ed down later. It needs to be created with the
restrictive permissions from the outset.

--
Glynn Clements <glynn (at) gclements.plus (dot) com [email concealed]>

[ reply ]
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 04:05PM
Tamber Penketh (james penketh googlemail com) (1 replies)
Re: /proc filesystem allows bypassing directory permissions onLinux Oct 27 2009 12:55AM
Pavel Machek (pavel ucw cz)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 23 2009 10:55PM
Dan Yefimov (dan lightwave net ru)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 23 2009 09:22PM
Arturo 'Buanzo' Busleiman (buanzo buanzo com ar)


 

Privacy Statement
Copyright 2010, SecurityFocus