lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1256464016.4005.21.camel@nepomuk.localdomain>
Date: Sun, 25 Oct 2009 10:46:56 +0100
From: Klaus Lichtenwalder <k.lichtenwalder@...puter.org>
To: bugtraq@...urityfocus.com
Subject: Re: /proc filesystem allows bypassing directory permissions on
 Linux

Am Samstag, den 24.10.2009, 01:12 +0400 schrieb Dan Yefimov:
> On 24.10.2009 0:35, Matthew Bergin wrote:
> > doesnt look like the original owner is trying to write to it. Shows it
> > cant, it had guest write to it via the proc folders bad permissions.
> > Looks legitimate
> >
> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an attacker? 
> No, that was the owner of 'unwritable_file', nobody else. What the 0666 file 
> mode means? It means, that everybody can write to the file, can't he? So why do 
> you believe that pretension legitimate?

Well, at first I would say this might definitely somewhat unexpected.
It's correct otoh, that you shouldn't be too lax with files when you
think you "secured" them somewhere in the path... 
But if you think of /proc/x/fd as *hard* links to the files, then the
behavior would not be surprising, which might help...

(You might have this as a "real world scenario" if you have some brain
dead application which you try to secure in this way...)

Klaus

-- 
------------------------------------------------------------------------ 
 Klaus Lichtenwalder, Dipl. Inform.,  http://lklaus.homelinux.org/Klaus/
 PGP Key fingerprint: A5C0 F73A 2C83 96EE 766B  9C62 DB6D 1258 0E9B B6D1


Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ