|
|
 |
| New User, Welcome! Login |
Re: /proc filesystem allows bypassing directory permissions on Linux
| From: |
Dan Yefimov <dan lightwave net ru> |
| To: |
nomail nomail com |
| Cc: |
bugtraq securityfocus com |
| Subject: |
Re: /proc filesystem allows bypassing directory permissions on Linux |
| Date: |
Mon - Oct 26, 2009 02:09 PM |
On 26.10.2009 18:14, nomail@nomail.com wrote:
>>> I do not think mounting /proc should change access control semantics.
>>>
>> It didn't in fact change anything. If the guest created hardlink to that file in
>> a unrestricted location, what would you say?
>
> Do your homework and test it. You can't create the hardlink - the link(oldpath,
> newpath) call will fail with EACCES if search permission is denied for any
> directory in oldpath or newpath. Documented in the manpage, and I just tested
> and verified it.
>
Good boy. However, there wasn't worth both citing well known facts to me and
testing them. Remember the scenario from the original mail and try finding a
window, during which creating a hardlink would still work thus evading directory
permissions check.
--
Sincerely Your, Dan.
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
