| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Jul 2014 13:19:58 +0200 From: Joakim Tjernlund <joakim.tjernlund@...nsmode.se> To: Richard Weinberger <richard.weinberger@...il.com> Cc: LKML <linux-kernel@...r.kernel.org>, Andreas Schwab <schwab@...ux-m68k.org> Subject: Re: ls -l /proc/1/exe -> Permission denied Richard Weinberger <richard.weinberger@...il.com> wrote on 2014/07/20 13:06:30: > > On Sun, Jul 20, 2014 at 12:55 PM, Andreas Schwab <schwab@...ux-m68k.org> wrote: > > Joakim Tjernlund <joakim.tjernlund@...nsmode.se> writes: > > > >> Andreas Schwab <schwab@...ux-m68k.org> wrote on 2014/07/19 22:21:59: > >>> > >>> Joakim Tjernlund <joakim.tjernlund@...nsmode.se> writes: > >>> > >>> > Trying to real /proc/<pid>/exe I noticed I could not read links not > >>> > belonging to my user such as: > >>> > jocke > ls -l /proc/1/exe > >>> > ls: cannot read symbolic link /proc/1/exe: Permission > >> denied > >>> > > >>> > Is this expected? > >>> > >>> Yes. This information is considered private. > >> > >> I don't understand why though. > > > > It would allow bypassing access restrictions. > > Do you have an example? > I'm asking because an attacker could make any symlink as he wants to. > A ln -s /etc/shadow lala still does not give me access to shadow... precisely, I just want to see what it is pointing too. Also, the links privs are inconsistent with current behaviour: lrwxrwxrwx 1 root root 0 Jul 15 19:03 exe Jocke -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists