| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Oct 2009 02:31:47 +0400 From: Dan Yefimov <dan@...htwave.net.ru> To: Pavel Machek <pavel@....cz> Cc: bugtraq@...urityfocus.com Subject: Re: /proc filesystem allows bypassing directory permissions on Linux On 24.10.2009 1:56, Pavel Machek wrote: > Now... go back to my original email: > > %pavel@toy:/tmp/my_priv$ chmod 700 . > %# relax file permissions, directory is private, so this is safe > %# check link count on unwritable_file. We would not want someone > %# to have a hard link to work around our permissions, would we? > %pavel@toy:/tmp/my_priv$ chmod 666 unwritable_file > > Yes, you are right, open file descriptor acts as a kind of hardlink > here. Except that > > a) this kind of hardlink does not exist when /proc is mounted (and on > non-Linux) > > b) unlike other hardlinks, you can't see it on the link count > > (and c) writing to file descriptor opened read-only is bad). > >>> Plus, you may run traditional unix/POSIX application, expecting >>> directory access controls to prevent the write. (Or can you see a way >>> to write to that file when /proc is unmounted?) >>> >> Directory permissions control an access just to the directory >> itself, not to the files in it, so your pretensions are in fact >> illegitimate. > > Demonstrate how to get access to the file with /proc unmounted and you > have a point. Demonstrate how to get access on anything else then > Linux and you have a point. Otherwise there's a security hole. > Did you think of creating a hardlink to the file in an unrestricted location? That is the like "security hole". -- Sincerely Your, Dan.
Powered by blists - more mailing lists