BugTraq
Re: Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 03:14PM
nomail nomail com (2 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 09:29PM
Dan Yefimov (dan lightwave net ru) (1 replies)
On 26.10.2009 18:14, nomail (at) nomail (dot) com [email concealed] wrote:
>>> I do not think mounting /proc should change access control semantics.
>>>
>> It didn't in fact change anything. If the guest created hardlink to that file in
>> a unrestricted location, what would you say?
>
> Do your homework and test it. You can't create the hardlink - the link(oldpath,
> newpath) call will fail with EACCES if search permission is denied for any
> directory in oldpath or newpath. Documented in the manpage, and I just tested
> and verified it.
>
Good boy. However, there wasn't worth both citing well known facts to me and
testing them. Remember the scenario from the original mail and try finding a
window, during which creating a hardlink would still work thus evading directory
permissions check.
--

Sincerely Your, Dan.

[ reply ]
Re: /proc filesystem allows bypassing directory permissions onLinux Oct 27 2009 12:49AM
CaT (cat zip com au) (1 replies)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 28 2009 09:30PM
Pavel Machek (pavel ucw cz)
Re: /proc filesystem allows bypassing directory permissions on Linux Oct 26 2009 09:27PM
Kinzel, David (dakinzel suncor com)


 

Privacy Statement
Copyright 2010, SecurityFocus