|
|
 |
| New User, Welcome! Login |
Re: /proc filesystem allows bypassing directory permissions on Linux
| From: |
Dan Yefimov <dan lightwave net ru> |
| To: |
Anton Ivanov <anton ivanov kot-begemot co uk> |
| Cc: |
Matthew Bergin <matt bergin hotmail com>, bugtraq securityfocus com |
| Subject: |
Re: /proc filesystem allows bypassing directory permissions on Linux |
| Date: |
Sat - Oct 24, 2009 11:11 AM |
On 24.10.2009 22:05, Anton Ivanov wrote:
> It works on Debian 2.6.26 out of the box. It is not an obscure patched
> kernel case I am afraid.
>
> If you redir an FD to a file using thus redir-ed FD in /proc allows you
> to bypass directory permissions for where the file is located.
> Thankfully, file permissions still apply so you need an app which has
> silly file perms in a bolted down directory for this.
>
> Symlinking the same file to a link on a normal ext3 or nfs filesystem as
> a sanity check shows correct permission behaviour. If you try to write
> to that symlink you get permission denied so the permissions on the fs
> actually work.
>
> No need to be root, nothing. It is not a case of "forget to drop EID or
> something else like that either". It looks like what it says on the tin
> - permission bypass.
>
> Not that I would have expected anything different considering who posted
> it in the first place.
>
Thus Debian kernel team should be blamed for that misbehaviour. Don't worry,
hardlinks behave just the same way, as you describe. Use authentic Linux
kernels, if you dislike that.
--
Sincerely Your, Dan.
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
