Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on Linux
From: Anton Ivanov <arivanov () sigsegv cx>
Date: Sat, 24 Oct 2009 07:47:51 +0100
Following your logic we should all abandon directory permissions and stick to file-only ones. Hmm... Dunno, probably the blood level in my coffee subsystem is too high this morning, but I do not quite relish that idea.

There is a very valid case of trying to restrict access via directory permissions. Suppose you have a binary program that uses its own directory but for whatever reason keeps scribbling in files with wrong permission in it. While I cannot think of a current example, out of the older ones at least one of the Word Perfect versions for Linux used to do that.

By tightening up the protection on the directory the sysadmin can mitigate the problem. It is in fact the standard way of doing this.

On Sat, 2009-10-24 at 01:12 +0400, Dan Yefimov wrote:
> On 24.10.2009 0:35, Matthew Bergin wrote:
> > Doesn't look like the original owner is trying to write to it. Shows it can't; it had guest write to it via the proc folder's bad permissions. Looks legitimate.
>
> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an attacker? No, that was the owner of 'unwritable_file', nobody else. What does the 0666 file mode mean? It means that everybody can write to the file, can't he? So why do you believe that pretension legitimate?
--
Understanding is a three-edged sword: your side, their side, and the truth. --Kosh Naranek

A. R. Ivanov
E-mail: aivanov () sigsegv cx
WWW: http://www.sigsegv.cx/
pub 1024D/DDE5E715 2002-03-03 Anton R. Ivanov <arivanov () sigsegv cx>
Fingerprint: C824 CBD7 EE4B D7F8 5331 89D5 FCDA 572E DDE5 E715
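An audit for the situation discussed in this message, added here as an example and not part of the original post: it lists files that are world-writable by their own mode and are shielded only by a directory that denies search to others, so an administrator can correct the file modes as well. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

def files_relying_on_directory(root):
    """List regular files under root that are world-writable by their own mode
    while an enclosing directory (root included) denies search to 'other'."""
    root = os.path.abspath(root)
    guarded = {}   # directory -> True if it or an ancestor under root lacks o+x
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        closed = not (os.stat(dirpath).st_mode & stat.S_IXOTH)
        guarded[dirpath] = closed or guarded.get(os.path.dirname(dirpath), False)
        if not guarded[dirpath]:
            continue   # not behind a closed directory; subdirectories are still walked
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)   # lstat: do not follow symlinks to other files
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.append((os.path.relpath(path, root),
                                 oct(st.st_mode & 0o777)))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: an application directory locked down to 0700 that
    still contains 0666 files, next to an ordinary 0755 directory."""
    layout = {"app/settings.dat": 0o666, "app/private.key": 0o600,
              "app/cache/tmp.idx": 0o666, "public/readme.txt": 0o666}
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)   # chmod sets the exact mode regardless of umask
    for rel, mode in (("app", 0o700), ("app/cache", 0o755),
                      ("public", 0o755), ("", 0o755)):
        os.chmod(os.path.join(base, rel), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for rel, mode in files_relying_on_directory(base):
            print(mode, rel)
```

Files in `public/` are not reported because no directory is standing in for their mode; they would be caught by an ordinary world-writable scan.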