|
|
 |
| New User, Welcome! Login |
Re: /proc filesystem allows bypassing directory permissions on Linux
| From: |
Pavel Machek <pavel ucw cz> |
| To: |
Dan Yefimov <dan lightwave net ru> |
| Cc: |
bugtraq securityfocus com |
| Subject: |
Re: /proc filesystem allows bypassing directory permissions on Linux |
| Date: |
Fri - Oct 23, 2009 02:28 PM |
On Sat 2009-10-24 01:24:49, Dan Yefimov wrote:
> On 24.10.2009 1:08, Pavel Machek wrote:
> >>That can hardly be called a real security hole, since the behaviour
> >>described above is expected, and is as it was conceived by design.
> >>If the file owner in fact allows writing to it, why should Linux
> >>prevent that from happening?
> >
> >No, I do not think this is expected. You could not write to that file
> >under traditional unix, and you can not write into that file when
> >/proc is unmounted.
> >
> >I do not think mounting /proc should change access control semantics.
> >
> It didn't in fact change anything. If the guest created hardlink to
> that file in a unrestricted location, what would you say? Procfs is
> in that respect just another sort of hardlinks, whether you like
> that or not. If you didn't in fact restrict an access to the file,
> you're on your own.
Now... go back to my original email:
%pavel@toy:/tmp/my_priv$ chmod 700 .
%# relax file permissions, directory is private, so this is safe
%# check link count on unwritable_file. We would not want someone
%# to have a hard link to work around our permissions, would we?
%pavel@toy:/tmp/my_priv$ chmod 666 unwritable_file
Yes, you are right, open file descriptor acts as a kind of hardlink
here. Except that
a) this kind of hardlink does not exist when /proc is mounted (and on
non-Linux)
b) unlike other hardlinks, you can't see it on the link count
(and c) writing to file descriptor opened read-only is bad).
> >Plus, you may run traditional unix/POSIX application, expecting
> >directory access controls to prevent the write. (Or can you see a way
> >to write to that file when /proc is unmounted?)
> >
> Directory permissions control an access just to the directory
> itself, not to the files in it, so your pretensions are in fact
> illegitimate.
Demonstrate how to get access to the file with /proc unmounted and you
have a point. Demonstrate how to get access on anything else then
Linux and you have a point. Otherwise there's a security hole.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
