Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on Linux
From: Dan Yefimov <dan () lightwave net ru>
Date: Sat, 24 Oct 2009 02:31:47 +0400
On 24.10.2009 1:56, Pavel Machek wrote:
Now... go back to my original email: %pavel@toy:/tmp/my_priv$ chmod 700 . %# relax file permissions, directory is private, so this is safe %# check link count on unwritable_file. We would not want someone %# to have a hard link to work around our permissions, would we? %pavel@toy:/tmp/my_priv$ chmod 666 unwritable_file Yes, you are right, open file descriptor acts as a kind of hardlink here. Except that a) this kind of hardlink does not exist when /proc is mounted (and on non-Linux) b) unlike other hardlinks, you can't see it on the link count (and c) writing to file descriptor opened read-only is bad).Plus, you may run traditional unix/POSIX application, expecting directory access controls to prevent the write. (Or can you see a way to write to that file when /proc is unmounted?)Directory permissions control an access just to the directory itself, not to the files in it, so your pretensions are in fact illegitimate.Demonstrate how to get access to the file with /proc unmounted and you have a point. Demonstrate how to get access on anything else then Linux and you have a point. Otherwise there's a security hole.
Did you think of creating a hardlink to the file in an unrestricted location? That is the like "security hole". -- Sincerely Your, Dan.
Current thread:
- /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Stephen Harris (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Vincent Zweije (Oct 27)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 28)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Vincent Zweije (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Jim Paris (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 23)