Re: /proc filesystem allows bypassing directory permissions on L
On 24.10.2009 2:39, Pavel Machek wrote:
>>> Original owner did chmod 666... after making sure traditional unix
>>> permissions protect the file. Please look at original mail; it was
>>> subtle but I believe I got it right, and file would not be writable
>>> with /proc unmounted.
>>>
>> I remember the original mail content. You're right, you can't reach
>> the file if the procfs is not mounted, but you forget about the
>> race, allowing the guest to create a hardlink to the file in an
>> unrestricted location before the directory access becomes
>> restricted. Again, procfs is just another, specific kind of
>> hardlinks.
>
> Check it again. There's no race; I check link count before chmod 666.
I didn't see real commands checking the link count, just comments telling about
it. Not to tell about your script is broken by design. With what object do you
'chmod 0666 unwritable_file', if that file is not designed for access by anybody
other than you? This is a rhetorical question.
--
Sincerely Your, Dan.
討論串 (同標題文章)
完整討論串 (本文為第 7 之 44 篇):