Re: /proc filesystem allows bypassing directory permissions on L
On 26.10.2009 13:54, psz@maths.usyd.edu.au wrote:
> Dear Dan,
>
>> ... in authentic kernels /proc/<PID>/fd/<FD> are symlinks ...
>
> They appear to /bin/ls as symlinks, but observation suggests that they
> "act" as hardlinks. Could that be fixed somehow? (I did look at the
> kernel fs/proc/base.c but did not make much sense to me...)
>
Just looked more carefully at fs/proc/base.c. That behavior is due to
proc_fd_info() called from proc_fd_link() obtains file->f_path, that in turn
contains the reference to the open file dentry and hence inode. That's exactly
why those symlinks behave as hardlinks. This behavior assumes, that if you were
able to open the file, you've all necessary transition permissions to access
it's inode. But in order to follow them you need privileges to read the process
memory, which hardly restricts the impact of this behavior. I don't think this
should be fixed, since /proc/<PID>/fd/ is mainly for debugging purposes.
--
Sincerely Your, Dan.
討論串 (同標題文章)
完整討論串 (本文為第 16 之 44 篇):