| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20091026155834.GG25725@elf.ucw.cz> Date: Mon, 26 Oct 2009 16:58:35 +0100 From: Pavel Machek <pavel@....cz> To: Dan Yefimov <dan@...htwave.net.ru> Cc: peak@...o.troja.mff.cuni.cz, psz@...hs.usyd.edu.au, bugtraq@...urityfocus.com Subject: Re: /proc filesystem allows bypassing directory permissions on Linux > >>>guest certianly does not have permission to ptrace() pavel's > >>>processes, so... > >> > >>But guest has permissions to ptrace() his own processes. If we > >>remember your original report, he abuses input redirection of bash > >>run by himself. So again, there's no real security hole here. > > > >guest abuses ptrace permissions on his own processes to write to > >pavel's files... no, that obviously is not security hole :-). > > > guest abuses ptrace permissions on his own processes to write to ANY > file open by his processes, whose permissions explicitly allow > writing to it. Doesn't it trouble you, that guest's processes still I repeat: Show me how to gain write access without using /proc, and I'll agree with you. (To recap: While file permissions allow writing, directory permissions do not allow any access at all. guest has open file descriptor for reading. Trouble is that guest can upgrade file descriptor to one that allows writing.) Can we continue on lkml? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Powered by blists - more mailing lists