Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: /proc filesystem allows bypassing directory permissions on Linux
From: Casper.Dik () sun com
Date: Mon, 26 Oct 2009 16:30:34 +0100


Pavel Machek wrote:
On Sat 2009-10-24 01:12:51, Dan Yefimov wrote:
On 24.10.2009 0:35, Matthew Bergin wrote:
doesnt look like the original owner is trying to write to it. Shows it
cant, it had guest write to it via the proc folders bad permissions.
Looks legitimate

Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an
attacker? No, that was the owner of 'unwritable_file', nobody else.
What the 0666 file mode means? It means, that everybody can write to
the file, can't he? So why do you believe that pretension
legitimate?

Original owner did chmod 666... after making sure traditional unix
permissions protect the file. Please look at original mail; it was
subtle but I believe I got it right, and file would not be writable
with /proc unmounted.


In Solaris, you don't have permission to access a file in /proc/<pid>/fd unless
you can control the process <pid>.

$ ls -l /proc/1/fd
/proc/1/fd: Permission denied

If you can control <pid>, then clearly you have access the file anyway 
simply by controlling it using a debugger.

I agree with Pavel's assessment here.

Casper


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]