Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: /proc filesystem allows bypassing directory permissions on Linux
From: Pavel Machek <pavel () ucw cz>
Date: Sat, 24 Oct 2009 00:39:24 +0200

Original owner did chmod 666... after making sure traditional unix
permissions protect the file. Please look at original mail; it was
subtle but I believe I got it right, and file would not be writable
with /proc unmounted.

I remember the original mail content. You're right, you can't reach
the file if the procfs is not mounted, but you forget about the
race, allowing the guest to create a hardlink to the file in an
unrestricted location before the directory access becomes
restricted. Again, procfs is just another, specific kind of
hardlinks.

Check it again.  There's no race; I check link count before chmod 666.
                                                                        Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault