Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on Linux
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 25 Oct 2009 11:13:39 +0100 (CET)
Consider this scenario, pavel's actions are the same as in yours:

pavel & guest: cd /tmp
pavel: mkdir my_priv; cd my_priv
pavel: echo this file should never be writable > unwritable_file
guest: mkdir pirate_chest
guest: ln my_priv/unwritable_file pirate_chest
pavel: chmod 700 .
pavel: chmod 666 unwritable_file
pavel: cat unwritable_file
guest: echo got you > pirate_chest/unwritable_file
pavel: cat unwritable_file

pavel might have detected this attack if he checked the number of hardlinks on "unwritable_file" between the chmod's. But he did not check that.

Yes, procfs makes it possible to circumvent directory permissions but it does not mean you are not playing with an armed grenade whenever you mix chmod with the number of the Beast.

--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
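The hard-link check the message says pavel skipped between the two chmods, as an added example that is not part of the original post. The helper names (link_count, chmod_if_unshared, demo) are hypothetical, GNU coreutils stat is assumed, and the demo plays both roles as a single user in a constructed temporary directory.

```shell
#!/bin/sh
# Added example: refuse to loosen a file's mode while it has extra hard links.
# Assumption: stat supports -c (GNU coreutils). Helper names are hypothetical.
# The check only means something once the directory is already closed
# (chmod 700 .), so no new link can appear between the check and the chmod.

# link_count FILE: print the number of directory entries naming FILE's inode.
link_count() {
    stat -c %h -- "$1"
}

# chmod_if_unshared MODE FILE
# Returns 0 after chmod, 1 if FILE is not a plain regular file,
# 2 if FILE has another name that may live outside the protected directory.
chmod_if_unshared() {
    mode=$1
    file=$2
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is not a regular file" >&2
        return 1
    fi
    n=$(link_count "$file") || return 1
    if [ "$n" -ne 1 ]; then
        echo "refusing: $file has $n hard links" >&2
        return 2
    fi
    chmod -- "$mode" "$file"
}

# demo: the sequence from the message, in a constructed scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/my_priv" "$d/pirate_chest"
    echo "this file should never be writable" > "$d/my_priv/unwritable_file"
    ln "$d/my_priv/unwritable_file" "$d/pirate_chest/unwritable_file"
    chmod 700 "$d/my_priv"
    rc=0
    chmod_if_unshared 666 "$d/my_priv/unwritable_file" || rc=$?
    echo "chmod_if_unshared returned $rc"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```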