| New User, Welcome! Login |
Re: /proc filesystem allows bypassing directory permissions on Linux
| From: |
psz maths usyd edu au |
| To: |
bugtraq securityfocus com, dot dotat at, pavel ucw cz |
| Cc: |
|
| Subject: |
Re: /proc filesystem allows bypassing directory permissions on Linux |
| Date: |
Mon - Oct 26, 2009 05:46 PM |
Tony Finch <dot@dotat.at> wrote:
> Attacker opens [directory] and waits. ...
> Attacker uses openat() to open and modify the "private" file.
Surely if the permissions do not allow lookup then openat() will fail.
[The attacker opened directory when it was searcheable; then permissions
were closed; then attacker attempts openat().] Surely directory contents
are not cached??!!
Cheers, Paul
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
