Bugtraq mailing list archives

Re: /proc filesystem allows bypassing directory permissions on Linux

From: Dan Yefimov <dan () lightwave net ru>
Date: Sat, 24 Oct 2009 02:55:12 +0400

On 24.10.2009 2:39, Pavel Machek wrote:

Original owner did chmod 666... after making sure traditional unix
permissions protect the file. Please look at original mail; it was
subtle but I believe I got it right, and file would not be writable
with /proc unmounted.

I remember the original mail content. You're right, you can't reach
the file if the procfs is not mounted, but you forget about the
race, allowing the guest to create a hardlink to the file in an
unrestricted location before the directory access becomes
restricted. Again, procfs is just another, specific kind of
hardlinks.


Check it again.  There's no race; I check link count before chmod 666.

I didn't see real commands checking the link count, just comments telling aboutit. Not to tell about your script is broken by design. With what object do you'chmod 0666 unwritable_file', if that file is not designed for access by anybodyother than you? This is a rhetorical question.

--

Sincerely Your, Dan.

Current thread:

Re: /proc filesystem allows bypassing directory permissions on Linux, (continued)
- - - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
  - Re: /proc filesystem allows bypassing directory permissions on Linux Derek Martin (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Ansgar Wiechers (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Derek Martin (Oct 28)
    - Re: /proc filesystem allows bypassing directory permissions on Linux CaT (Oct 29)
  - Message not available
    - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 23)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Arturo 'Buanzo' Busleiman (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Tamber Penketh (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 27)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Glynn Clements (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Casper . Dik (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 26)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 27)
    - Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 27)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 28)
    - Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)

(Thread continues...)