Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on
From: Pavel Machek <pavel () ucw cz>
Date: Mon, 2 Nov 2009 20:53:26 +0100
On Mon 2009-11-02 18:53:19, Martin Rex wrote:
> Jim Paris wrote:
> > > Therefore it's totally of no influence what you do with the original directory permission. File access has nothing to do with directory permissions...!
> >
> > Right. However the whole point of this discussion is that that is a non-obvious point, there was no other way that the user could have opened that file without the use of /proc.
>
> The actual fallacy of the "problem report" is the flawed assumption about what a link count of 1 tells you. The link count of a file tells you the number of hard links that are persisted within the same filesystem. It is _NOT_ a promise that there are no other means to access the inode of the file.

It used to be a promise before /proc was mounted.

> /proc creates a virtual reference to an inode, and since it is virtual (and in a different filesystem) and not persisted in the original filesystem, you will not see it in the link count of the original filesystem.

Well, there _may_ be other filesystems with similar features, but they are neither common nor mounted by default. Normally, mounting filesystems does not change security properties of the rest of the system; and it should be possible to fix in this case.

Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
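
The behaviour debated in this message, as an added example that is not part of the original post or thread: a file whose link count is 1 remains reachable through `/proc/self/fd/N` after its directory has been closed off. It assumes Linux with /proc mounted; the function name, file name and sample data are constructed for illustration.

```python
import os
import tempfile


def demo_proc_reference():
    """Compare the on-disk link count with the extra route that /proc provides."""
    if not os.path.isdir("/proc/self/fd"):
        return None  # /proc not mounted: the virtual reference does not exist
    top = tempfile.mkdtemp()                      # created with mode 0700
    path = os.path.join(top, "secret.txt")        # constructed sample file
    with open(path, "w") as f:
        f.write("constructed sample data\n")
    fd = os.open(path, os.O_RDONLY)               # obtained while the directory was searchable
    try:
        os.chmod(top, 0)                          # owner now removes all directory access
        try:
            os.stat(path)
            path_reachable = True                 # expected only with DAC-override privilege (root)
        except PermissionError:
            path_reachable = False
        on_disk = os.fstat(fd)
        proc_link = "/proc/self/fd/%d" % fd
        via_proc = os.stat(proc_link)             # resolves straight to the inode
        fd2 = os.open(proc_link, os.O_RDONLY)     # fresh open, no directory lookup involved
        try:
            data = os.read(fd2, 64)
        finally:
            os.close(fd2)
        return {
            "nlink": on_disk.st_nlink,            # hard links persisted in the filesystem
            "path_reachable": path_reachable,
            "same_inode": (on_disk.st_dev, on_disk.st_ino)
                          == (via_proc.st_dev, via_proc.st_ino),
            "data_via_proc": data,
        }
    finally:
        os.close(fd)
        os.chmod(top, 0o700)                      # restore access so cleanup can run
        os.unlink(path)
        os.rmdir(top)


if __name__ == "__main__":
    print(demo_proc_reference())
```

For an unprivileged user the result shows `nlink` of 1 and `path_reachable` false while `same_inode` is true, which is why a link count alone cannot be used to conclude that tightening directory permissions has cut off every route to the file.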