Message-ID: <4AE21F21.2040504@lightwave.net.ru>
Date: Sat, 24 Oct 2009 01:24:49 +0400
From: Dan Yefimov <dan@...htwave.net.ru>
To: Pavel Machek <pavel@....cz>
Cc: bugtraq@...urityfocus.com
Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
On 24.10.2009 1:08, Pavel Machek wrote:
>> That can hardly be called a real security hole, since the behaviour
>> described above is expected, and is as it was conceived by design.
>> If the file owner in fact allows writing to it, why should Linux
>> prevent that from happening?
>
> No, I do not think this is expected. You could not write to that file
> under traditional unix, and you can not write into that file when
> /proc is unmounted.
>
> I do not think mounting /proc should change access control semantics.
>
It didn't in fact change anything. If the guest created a hardlink to that file in
an unrestricted location, what would you say? Procfs is in that respect just
another sort of hardlink, whether you like that or not. If you didn't in fact
restrict access to the file, you're on your own.

> Plus, you may run traditional unix/POSIX application, expecting
> directory access controls to prevent the write. (Or can you see a way
> to write to that file when /proc is unmounted?)
>
Directory permissions control access just to the directory itself, not to the
files in it, so your pretensions are in fact illegitimate. Anyway, you're free
to consider that a security hole, but remember that nobody is obliged to agree
with you in that or help you solve problems invented by yourself.
--
Sincerely Yours, Dan.
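
An added illustration, not part of the original message: a Python audit sketch that lists regular files whose own mode grants group or other write access while an enclosing directory denies that class search permission, which is the configuration this thread argues about. The function names and the constructed sample tree are assumptions; the link count is reported because of the hardlink comparison made in the message.

```python
import os
import stat
import tempfile

# permission class -> (directory search bit, file write bit)
CLASSES = {"group": (stat.S_IXGRP, stat.S_IWGRP),
           "other": (stat.S_IXOTH, stat.S_IWOTH)}

def find_dir_only_protected(root):
    """Return [(path, classes, nlink)] for regular files that a class may
    write by file mode, but that only a directory mode keeps out of reach."""
    root = os.path.abspath(root)
    findings = []
    blocked = {}  # directory -> classes denied search at or above it
    for dirpath, _dirs, filenames in os.walk(root):
        inherited = blocked.get(os.path.dirname(dirpath), frozenset())
        mode = os.lstat(dirpath).st_mode
        here = inherited | {c for c, (x, _w) in CLASSES.items() if not mode & x}
        blocked[dirpath] = here
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            exposed = sorted(c for c in here if st.st_mode & CLASSES[c][1])
            if exposed:
                # nlink > 1 means another name for the file exists somewhere
                findings.append((path, exposed, st.st_nlink))
    return findings

def demo():
    """Build a constructed tree and audit it (sample data, not from the thread)."""
    with tempfile.TemporaryDirectory() as top:
        os.chmod(top, 0o755)
        private = os.path.join(top, "private")
        os.mkdir(private)
        loose = os.path.join(private, "loose.txt")
        tight = os.path.join(private, "tight.txt")
        for path, mode in ((loose, 0o666), (tight, 0o600)):
            open(path, "w").close()
            os.chmod(path, mode)
        os.link(loose, os.path.join(top, "alias.txt"))  # second name outside
        os.chmod(private, 0o700)
        return [(os.path.relpath(p, top), c, n)
                for p, c, n in find_dir_only_protected(top)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Tightening the file's own mode (as with `tight.txt`) removes it from the report, whatever other names or handles to it exist.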