Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on Linux
From: Jim Paris <jim () jtan com>
Date: Fri, 30 Oct 2009 13:40:28 -0400
Marco Verschuur wrote:
Your assumption that the same file descriptor is being re-opened is wrong! The file descriptor retrieved via /proc is a new one. It is not the same as the initial read-only.
Yes, I totally agree.
Therefor it's totally of no influence what you do with the original directory permission. File access has nothing to do with directory permissions...!
Right. However the whole point of this discussion is that that is a non-obvious point, there was no other way that the user could have opened that file without the use of /proc.
Imagen: - a house surrounded with a fence with all doors unlocked (file with perm 0666) - a drive-way leads to the gate in the fence and the gate is unlocked (dir with perms 777) - next we put a lock on the gate and don't give guest the key (dir with perms 700) - guest cannot access the house because he can't pass the gate - now we take an airplane and parachute guest straight into the perimeter of the fence (/proc access) - guest can access the house (write the file), because the house has all doors unlocked
Pavel required that the superuser have lax directory permisisons and subsequently make them more restrictive, which led to a flurry of responses about hardlinks, race conditions, etc. My example merely removed this aspect to demonstrate that it is not a race. In mine, the directory permissions are 0700 from the start and there are no races involved. -jim
Current thread:
- Re: /proc filesystem allows bypassing directory permissions on Linux, (continued)
- Re: /proc filesystem allows bypassing directory permissions on Linux Vincent Zweije (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Jim Paris (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
- Message not available
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Jim Paris (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Joel Maslak (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)