Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: /proc filesystem allows bypassing directory permissions on Linux
From: Pavel Machek <pavel () ucw cz>
Date: Mon, 26 Oct 2009 16:58:35 +0100

guest certianly does not have permission to ptrace() pavel's
processes, so...

But guest has permissions to ptrace() his own processes. If we
remember your original report, he abuses input redirection of bash
run by himself. So again, there's no real security hole here.

guest abuses ptrace permissions on his own processes to write to
pavel's files... no, that obviously is not security hole :-).

guest abuses ptrace permissions on his own processes to write to ANY
file open by his processes, whose permissions explicitly allow
writing to it. Doesn't it trouble you, that guest's processes still

I repeat: Show me how to gain write access without using /proc, and
I'll agree with you.

(To recap:

While file permissions allow writing, directory permissions do not
allow any access at all.

guest has open file descriptor for reading.

Trouble is that guest can upgrade file descriptor to one that allows
writing.)

Can we continue on lkml?
                                                                Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]