| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Oct 2009 22:36:11 +0400 From: Dan Yefimov <dan@...htwave.net.ru> To: Anton Ivanov <anton.ivanov@...-begemot.co.uk> Cc: Matthew Bergin <matt.bergin@...mail.com>, bugtraq@...urityfocus.com Subject: Re: /proc filesystem allows bypassing directory permissions on Linux On 24.10.2009 22:05, Anton Ivanov wrote: > It works on Debian 2.6.26 out of the box. It is not an obscure patched > kernel case I am afraid. > > If you redir an FD to a file using thus redir-ed FD in /proc allows you > to bypass directory permissions for where the file is located. > Thankfully, file permissions still apply so you need an app which has > silly file perms in a bolted down directory for this. > > Symlinking the same file to a link on a normal ext3 or nfs filesystem as > a sanity check shows correct permission behaviour. If you try to write > to that symlink you get permission denied so the permissions on the fs > actually work. > > No need to be root, nothing. It is not a case of "forget to drop EID or > something else like that either". It looks like what it says on the tin > - permission bypass. > > Not that I would have expected anything different considering who posted > it in the first place. > Thus Debian kernel team should be blamed for that misbehaviour. Don't worry, hardlinks behave just the same way, as you describe. Use authentic Linux kernels, if you dislike that. -- Sincerely Your, Dan.
Powered by blists - more mailing lists