Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on Linux
From: CaT <cat () zip com au>
Date: Thu, 29 Oct 2009 08:58:37 +1100
On Tue, Oct 27, 2009 at 03:34:04PM -0500, Derek Martin wrote:
$ mkdir foo $ cd foo $ echo hi > bar $ ls -la total 12 drwxr-xr-x 2 user1 group1 4096 2009-10-27 16:22 ./ drwx------ 57 user1 group1 4096 2009-10-27 16:22 ../ -rw-r--r-- 1 user1 group1 3 2009-10-27 16:22 bar $ chmod 000 . $ echo bye > bar -bash: bar: Permission denied
I think that fails because you've removed the search bits from the dir so bash no longer has permissions to -find- the file. Eg: $ mkdir test $ cd test $ echo moo >cow $ chmod 600 . $ echo meow >cow bash: cow: Permission denied
The problem with the /proc interface is: - it is automatic (if /proc is mounted) - its file access semantics are not identical to the rest of the file system (e.g. they are not really symlinks, and they are not really hard links, and the link count is not incremented, and the average person will have no idea about their semantics). - it creates a pseudo-link with permissions which do not regard the directory access controls the user had to pass authorization checks to gain access.
Would the file descriptor work differently if the program that opened the file changed it after the victim changed the permissions on the directory? It should be noted that 2 users have access to /proc/$pid/fd/$fd - the user the program is running as and root (at least that is the case on my linux system). -- "A search of his car uncovered pornography, a homemade sex aid, women's stockings and a Jack Russell terrier." - http://www.news.com.au/story/0%2C27574%2C24675808-421%2C00.html
Current thread:
- Re: /proc filesystem allows bypassing directory permissions on Linux, (continued)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Ansgar Wiechers (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Derek Martin (Oct 28)
- Re: /proc filesystem allows bypassing directory permissions on Linux CaT (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Arturo 'Buanzo' Busleiman (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Tamber Penketh (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 27)