Re: /proc filesystem allows bypassing directory permissions on Linux

[Dan Yefimov <dan () lightwave net ru>]

On 24.10.2009 22:05, Anton Ivanov wrote:
> It works on Debian 2.6.26 out of the box. It is not an obscure patched
> kernel case I am afraid.
>
> If you redir an FD to a file using thus redir-ed FD in /proc allows you
> to bypass directory permissions for where the file is located.
> Thankfully, file permissions still apply so you need an app which has
> silly file perms in a bolted down directory for this.
>
> Symlinking the same file to a link on a normal ext3 or nfs filesystem as
> a sanity check shows correct permission behaviour. If you try to write
> to that symlink you get permission denied so the permissions on the fs
> actually work.
>
> No need to be root, nothing. It is not a case of "forget to drop EID or
> something else like that either". It looks like what it says on the tin
> - permission bypass.
>
> Not that I would have expected anything different considering who posted
> it in the first place.
Thus Debian kernel team should be blamed for that misbehaviour. Don't worry, 
hardlinks behave just the same way, as you describe. Use authentic Linux 
kernels, if you dislike that.
--

Sincerely Your, Dan.