lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <87k376siuw.fsf@x220.int.ebiederm.org> Date: Mon, 21 Jul 2014 10:48:55 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Richard Weinberger <richard@....at> Cc: Andreas Schwab <schwab@...ux-m68k.org>, Joakim Tjernlund <joakim.tjernlund@...nsmode.se>, LKML <linux-kernel@...r.kernel.org> Subject: Re: ls -l /proc/1/exe -> Permission denied Richard Weinberger <richard@....at> writes: > Am 20.07.2014 13:51, schrieb Andreas Schwab: >> Richard Weinberger <richard.weinberger@...il.com> writes: >>> Do you have an example? >> >> proc symlinks are special because they actually resolve to the inode. > > Ah. If an attacker manages the kernel to follow the symlink he could > indirectly access that file. > Thanks for pointing this out! We only allow this access for processes that we are allowed to ptrace because knowing intimate details of a process such as which files it has open and in this case which file it is executing can make it more attackable. (Say by looking to see if a processes is still running some old vulnerable version and hasn't been restarted yet). Normally this only applies to processes owned by different users. However some configurations restrict ptrace on processes that you own. You will have to look at the ``security'' modules you have enabled and configured to see what that policy is, to see why you aren't allowed to access your own processes. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists