|
|
 |
| New User, Welcome! Login |
Re: /proc filesystem allows bypassing directory permissions on Linux
| From: |
Dan Yefimov <dan lightwave net ru> |
| To: |
Pavel Machek <pavel ucw cz> |
| Cc: |
peak argo troja mff cuni cz, psz maths usyd edu au, bugtraq securityfocus com |
| Subject: |
Re: /proc filesystem allows bypassing directory permissions on Linux |
| Date: |
Mon - Oct 26, 2009 08:56 AM |
On 26.10.2009 18:06, Pavel Machek wrote:
> On Mon 2009-10-26 15:37:50, Dan Yefimov wrote:
>> On 26.10.2009 13:54, psz@maths.usyd.edu.au wrote:
>>> Dear Dan,
>>>
>>>> ... in authentic kernels /proc/<PID>/fd/<FD> are symlinks ...
>>>
>>> They appear to /bin/ls as symlinks, but observation suggests that they
>>> "act" as hardlinks. Could that be fixed somehow? (I did look at the
>>> kernel fs/proc/base.c but did not make much sense to me...)
>>>
>> Just looked more carefully at fs/proc/base.c. That behavior is due
>> to proc_fd_info() called from proc_fd_link() obtains file->f_path,
>> that in turn contains the reference to the open file dentry and
>> hence inode. That's exactly why those symlinks behave as hardlinks.
>> This behavior assumes, that if you were able to open the file,
>> you've all necessary transition permissions to access it's inode.
>> But in order to follow them you need privileges to read the process
>> memory, which hardly restricts the impact of this behavior. I don't
>> think this should be fixed, since /proc/<PID>/fd/ is mainly for
>> debugging purposes.
>
> guest certianly does not have permission to ptrace() pavel's
> processes, so...
But guest has permissions to ptrace() his own processes. If we remember your
original report, he abuses input redirection of bash run by himself. So again,
there's no real security hole here.
--
Sincerely Your, Dan.
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
