Re: /proc filesystem allows bypassing directory permissions on L

Board: Bugtraq, posted 2009/10/27 08:32 (16 years ago), 0 upvotes
0 comments, 0 participants, message 27 of 44 in the thread
> -----Original Message-----
> From: nomail@nomail.com [mailto:nomail@nomail.com]
> Sent: Monday, October 26, 2009 9:15 AM
> To: bugtraq@securityfocus.com
> Subject: Re: Re: /proc filesystem allows bypassing directory permissions on Linux
>
> >> I do not think mounting /proc should change access control semantics.
> >>
> > It didn't in fact change anything. If the guest created a hardlink to that file in an unrestricted location, what would you say?
>
> Do your homework and test it. You can't create the hardlink - the link(oldpath, newpath) call will fail with EACCES if search permission is denied for any directory in oldpath or newpath. Documented in the manpage, and I just tested and verified it.

It's creating the hardlink (or setting the fd in /proc) before the directory is locked down to user-only permissions. You will be allowed access to whatever the file allows, despite what the directory permissions are. This seems expected to me, since the files will be the same inode. If I'm following this correctly it comes down to some distributions treating /proc/*/fd/* as hardlinks, for whatever reason.

> Fact is, directory permissions are relevant in Unix. Despite its permissions, under the Unix access permission semantics the file is unwritable for anyone but the owner, and this bug pokes a hole into that.
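The two claims in the thread, that link(2) fails with EACCES once search permission on the directory is gone while a descriptor opened earlier (and its /proc/self/fd entry) keeps working, can be checked in one process. This is an added example, not code from any of the list posts; the /tmp paths and the "secret" file name are constructed, and the EACCES results only show up when it is run as an unprivileged user, since root bypasses directory permission checks.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct outcome {
    int fd_still_readable; /* the fd opened before lockdown still returns the data */
    int reopen_errno;      /* errno from open() by the original path, 0 on success */
    int link_errno;        /* errno from link() of the original path, 0 on success */
    int proc_reopen_errno; /* errno from open() of /proc/self/fd/N, 0 on success */
};

/* Constructed scenario: create a file, strip all permissions from its directory, then
 * record which routes still work. Returns 0 on setup failure. Caveat: root bypasses it. */
int run_scenario(struct outcome *out)
{
    char dir[] = "/tmp/procfd-demo-XXXXXX", file[64], proc[64], newlink[64], buf[4];
    if (!mkdtemp(dir)) return 0;
    snprintf(file, sizeof file, "%s/secret", dir);
    snprintf(newlink, sizeof newlink, "/tmp/procfd-demo-link-%ld", (long)getpid());
    /* 1. Create and open the file while the directory is still searchable. */
    int fd = open(file, O_RDWR | O_CREAT, 0644);
    if (fd < 0 || write(fd, "data", 4) != 4) return 0;
    snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd);
    /* 2. Lock the directory down after the fact; 0000 so even the owner loses search. */
    if (chmod(dir, 0000) != 0) return 0;
    /* 3. Path-based routes: both must traverse the locked directory (EACCES). */
    int r = open(file, O_RDONLY);
    out->reopen_errno = r < 0 ? errno : (close(r), 0);
    out->link_errno = link(file, newlink) < 0 ? errno : 0;
    /* 4. Inode-based routes: the existing fd and its /proc entry never touch the path. */
    out->fd_still_readable = pread(fd, buf, 4, 0) == 4 && memcmp(buf, "data", 4) == 0;
    r = open(proc, O_RDONLY);
    out->proc_reopen_errno = r < 0 ? errno : (close(r), 0);
    /* Cleanup: restore permissions so the temporary directory can be removed. */
    close(fd); chmod(dir, 0700);
    unlink(file); unlink(newlink); rmdir(dir);
    return 1;
}
int main(void)
{
    struct outcome o;
    if (!run_scenario(&o)) return 1;
    printf("fd readable=%d reopen=%s link=%s proc=%s\n", o.fd_still_readable, strerror(o.reopen_errno), strerror(o.link_errno), strerror(o.proc_reopen_errno));
    return 0;
}
```

The defensive takeaway is the one the reply above makes: tightening a directory's mode afterwards does not revoke descriptors that already exist, so a directory meant to be private has to be created private.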
Article ID (AID): #1AvZ-2Qy (Bugtraq)