[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4AE3491B.7050700@lightwave.net.ru>
Date: Sat, 24 Oct 2009 22:36:11 +0400
From: Dan Yefimov <dan@...htwave.net.ru>
To: Anton Ivanov <anton.ivanov@...-begemot.co.uk>
Cc: Matthew Bergin <matt.bergin@...mail.com>,
bugtraq@...urityfocus.com
Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
On 24.10.2009 22:05, Anton Ivanov wrote:
> It works on Debian 2.6.26 out of the box. It is not an obscure patched
> kernel case I am afraid.
>
> If you redir an FD to a file using thus redir-ed FD in /proc allows you
> to bypass directory permissions for where the file is located.
> Thankfully, file permissions still apply so you need an app which has
> silly file perms in a bolted down directory for this.
>
> Symlinking the same file to a link on a normal ext3 or nfs filesystem as
> a sanity check shows correct permission behaviour. If you try to write
> to that symlink you get permission denied so the permissions on the fs
> actually work.
>
> No need to be root, nothing. It is not a case of "forget to drop EID or
> something else like that either". It looks like what it says on the tin
> - permission bypass.
>
> Not that I would have expected anything different considering who posted
> it in the first place.
>
Thus Debian kernel team should be blamed for that misbehaviour. Don't worry,
hardlinks behave just the same way, as you describe. Use authentic Linux
kernels, if you dislike that.
--
Sincerely Your, Dan.
Powered by blists - more mailing lists