Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on Linux
From: Pavel Machek <pavel () ucw cz>
Date: Wed, 28 Oct 2009 22:30:37 +0100
On Tue 2009-10-27 11:49:32, CaT wrote:
On Tue, Oct 27, 2009 at 12:29:09AM +0300, Dan Yefimov wrote:and testing them. Remember the scenario from the original mail and try finding a window, during which creating a hardlink would still work thus evading directory permissions check.The main thing this does is allow a hardlink-like attack to work across mountpoints afaics.
Yes, plus it allows "hardlinks" on deleted files, and this "strange hard links" can not be seen on link count.
You can't actually use /proc/*/fd to gain access to files opened by processes you do not own. Only ones you do (at least in a mainline kernel) which is fair enough. This means that you can't have user a open a file owned by user b and then let user c have access to it via /proc/$pid/fd.
No, but you can upgrade file from read-only to read-write using /proc. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Current thread:
- Re: /proc filesystem allows bypassing directory permissions on Linux, (continued)
- Re: /proc filesystem allows bypassing directory permissions on Linux Tony Finch (Oct 27)
- Re: /proc filesystem allows bypassing directory permissions on Linux Matthew Dempsky (Oct 28)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 28)
- Re: /proc filesystem allows bypassing directory permissions on Linux Glynn Clements (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 27)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 27)
- Re: /proc filesystem allows bypassing directory permissions on Linux Kinzel, David (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux CaT (Oct 27)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux CaT (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 27)