Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /proc filesystem allows bypassing directory permissions on

From: Pavel Machek <pavel () ucw cz>
Date: Thu, 29 Oct 2009 21:36:46 +0100
Hi!


There are two conceivable approaches to implementing the open() for
a filedescriptor shown in /proc.  Either go throuh the inode and
check the access permissions on the file at the current time
(which is a sensible implementation and what the kernel seems
to be currently doing), or implement it as a dup() and transfer
of the filedescriptor.  (Tranfering open filedescriptors between
processes can also be done by IPC).  Implemetenting it via dup()
would probably keep the original filedescriptor attributes
(such as read-only) but would require an entirely seperate
approach to access control (who is allowed to dup() that filedescriptor),
and it would create problems:  like you would not be able to look
into files that were opened only for write through /proc, which
would seriously impair the usefulness of the fd-listing in /proc.


Doing it as dup() is indeed the way to go. /proc/*/fd/ already needs
same uid, so...

                                                                Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Previous By Date Next
Previous By Thread Next

Current thread: