Bugtraq mailing list archives
Re: /proc filesystem allows bypassing directory permissions on Linux
From: psz () maths usyd edu au
Date: Thu, 29 Oct 2009 07:04:54 +1100
Dear Dan, You wrote:
User1 creates file with permissions 0644 User2 opens file for read access on file descriptor 4 User1 chmod's directory to 0700 User1 verifies no hard links to fileHere's a window, during which User2 is able to create a hardlink and that will remain unnoticed by User1. There's no way to perform link check and conditionally do chmod in an atomic manner.
After the directory is mode 700, User2 cannot create hardlinks. There is no window. Checking link counts anytime after the directory has been secured, is fine. --- Looking at older pronouncements: http://www.securityfocus.com/archive/1/507448
in authentic kernels /proc/<PID>/fd/<FD> are symlinks, not anything other.
http://www.securityfocus.com/archive/1/507426
Just looked more carefully at fs/proc/base.c. That behavior is due to proc_fd_info() called from proc_fd_link() obtains file->f_path, that in turn contains the reference to the open file dentry and hence inode. That's exactly why those symlinks behave as hardlinks. ... ... I don't think this should be fixed ...
There is a self-contradiction, and a problem which might be fixed. Only matter for debate (by opinionated people) is whether it should be fixed. Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
Current thread:
- /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Stephen Harris (Oct 26)
- Re: /proc filesystem allows bypassing directory permissions on Linux Vincent Zweije (Oct 27)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 28)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Vincent Zweije (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 29)
- Re: /proc filesystem allows bypassing directory permissions on Linux Jim Paris (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Marco Verschuur (Oct 30)
- Message not available
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux psz (Oct 30)
- Re: /proc filesystem allows bypassing directory permissions on Linux Pavel Machek (Oct 23)
- Re: /proc filesystem allows bypassing directory permissions on Linux Dan Yefimov (Oct 23)