lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Oct 2009 19:31:26 +0100 From: Pavel Machek <pavel@....cz> To: Marco Verschuur <marco@....nl> Cc: Jim Paris <jim@...n.com>, Dan Yefimov <dan@...htwave.net.ru>, bugtraq@...urityfocus.com Subject: Re: /proc filesystem allows bypassing directory permissions on Linux Hi! (no html, please). > Proc does not need to be fixed, because /proc is referring to a file > inode. Well, that does not mean /proc does not need fixing. > You are expecting transactional behavior in /proc, where /proc only > registers object information. ... > And I think you would agree about your mis-interpretation earlier > if not so > many people had the same mis-interpretation of the virtual /proc > mechanism I think you understand the issue by now. But you think it should be documented better, not fixed. I believe that fixing it is easier and better option -- because surprises in security area are bad -- but of course, if this is documented properly, it also stops being so big problem. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Powered by blists - more mailing lists