lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Jul 2014 00:05:06 +0200 From: Joakim Tjernlund <joakim.tjernlund@...nsmode.se> To: Richard Weinberger <richard@....at> Cc: LKML <linux-kernel@...r.kernel.org>, Andreas Schwab <schwab@...ux-m68k.org> Subject: Re: ls -l /proc/1/exe -> Permission denied Richard Weinberger <richard@....at> wrote on 2014/07/20 22:00:02: > > Am 20.07.2014 21:15, schrieb Joakim Tjernlund: > > Richard Weinberger <richard@....at> wrote on 2014/07/20 14:05:41: > >> > >> Am 20.07.2014 13:51, schrieb Andreas Schwab: > >>> Richard Weinberger <richard.weinberger@...il.com> writes: > >>>> Do you have an example? > >>> > >>> proc symlinks are special because they actually resolve to the inode. > >> > >> Ah. If an attacker manages the kernel to follow the symlink he could > >> indirectly access that file. > >> Thanks for pointing this out! > > > > That is a big if, I read this as you don't trust the kernels impl. > > of proc sym links so paper over this with denying all other to read > > trivial > > data such as the exe sym link. > > Feel free to propose a solution for that. :-) I wish I had one :) Good to know why things are how they are though. I guess there is a reason why proc symlinks resolve to the inode? Jocke -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists