Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: /proc filesystem allows bypassing directory permissions on Linux
From: Anton Ivanov <anton.ivanov () kot-begemot co uk>
Date: Sat, 24 Oct 2009 20:27:25 +0100



Not that I would have expected anything different considering who posted
it in the first place.

Thus Debian kernel team should be blamed for that misbehaviour. Don't worry, 
hardlinks behave just the same way, as you describe. Use authentic Linux 
kernels, if you dislike that.

Just tested it on my colo where the provider is using some homebrew
derived from the upstream Linux kernel. In any case Pavel was most
likely using Suse and I asked someone to give it a go on one of all
Ubuntu varieties. So even if it is not present upstream it is in a patch
which more than one distro has adopted (f.e. ptrace fixes).

I have filed this as a security bug on debian by the way. So you can
express your opinions about the supposed "inferiority" of their patches
directly to them. 

Note - in order to get the descriptor in the first place you need to
have access to the directory and the user to change it down to 700
later. So this is actually of use predominantly under race conditions
and such. Limited use, but some use none the less. I can think of at
least a couple of places where I can wreak some havoc with that.

-- 
   Understanding is a three-edged sword:
            your side, their side, and the truth. --Kosh Naranek

A. R. Ivanov
E-mail:  anton.ivanov () kot-begemot co uk
WWW:     http://www.kot-begemot.co.uk/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]