[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1256412445.21344.24.camel@magrat.sigsegv.cx>
Date: Sat, 24 Oct 2009 20:27:25 +0100
From: Anton Ivanov <anton.ivanov@...-begemot.co.uk>
To: Dan Yefimov <dan@...htwave.net.ru>
Cc: Matthew Bergin <matt.bergin@...mail.com>,
bugtraq@...urityfocus.com
Subject: Re: /proc filesystem allows bypassing
directory permissions on Linux
> >
> > Not that I would have expected anything different considering who posted
> > it in the first place.
> >
> Thus Debian kernel team should be blamed for that misbehaviour. Don't worry,
> hardlinks behave just the same way, as you describe. Use authentic Linux
> kernels, if you dislike that.
Just tested it on my colo where the provider is using some homebrew
derived from the upstream Linux kernel. In any case Pavel was most
likely using Suse and I asked someone to give it a go on one of all
Ubuntu varieties. So even if it is not present upstream it is in a patch
which more than one distro has adopted (f.e. ptrace fixes).
I have filed this as a security bug on debian by the way. So you can
express your opinions about the supposed "inferiority" of their patches
directly to them.
Note - in order to get the descriptor in the first place you need to
have access to the directory and the user to change it down to 700
later. So this is actually of use predominantly under race conditions
and such. Limited use, but some use none the less. I can think of at
least a couple of places where I can wreak some havoc with that.
--
Understanding is a three-edged sword:
your side, their side, and the truth. --Kosh Naranek
A. R. Ivanov
E-mail: anton.ivanov@...-begemot.co.uk
WWW: http://www.kot-begemot.co.uk/
Powered by blists - more mailing lists