Bugtraq mailing list archives

Re: /proc filesystem allows bypassing directory permissions on Linux

From: Joel Maslak <jmaslak () antelope net>
Date: Mon, 26 Oct 2009 12:14:03 -0600

On Oct 23, 2009, at 3:56 PM, Pavel Machek <pavel () ucw cz> wrote:

Demonstrate how to get access to the file with /proc unmounted and you
have a point. Demonstrate how to get access on anything else then
Linux and you have a point. Otherwise there's a security hole.

If the directory is mounted via NFS or is exported there are severalways...so software written to assume directory permissions aresufficent to protect users from other unpriveliged users is broken ingeneral. Even if it is usually secure enough on non-Linux. It is notalways.

Current thread:

Re: /proc filesystem allows bypassing directory permissions on Linux, (continued)
- - - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 29)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Jim Paris (Oct 30)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 30)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
    - Message not available
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 30)
    - Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 30)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Jim Paris (Oct 30)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Joel Maslak (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)

(Thread continues...)