[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: /proc filesystem allows bypassing directory permissions on Linux
On 24.10.2009 2:05, Pavel Machek wrote:
I remember the original mail content. You're right, you can't reach the file if
the procfs is not mounted, but you forget about the race, allowing the guest to
create a hardlink to the file in an unrestricted location before the directory
access becomes restricted. Again, procfs is just another, specific kind of
On Sat 2009-10-24 01:12:51, Dan Yefimov wrote:
On 24.10.2009 0:35, Matthew Bergin wrote:
doesnt look like the original owner is trying to write to it. Shows it
cant, it had guest write to it via the proc folders bad permissions.
Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an
attacker? No, that was the owner of 'unwritable_file', nobody else.
What the 0666 file mode means? It means, that everybody can write to
the file, can't he? So why do you believe that pretension
Original owner did chmod 666... after making sure traditional unix
permissions protect the file. Please look at original mail; it was
subtle but I believe I got it right, and file would not be writable
with /proc unmounted.
Sincerely Your, Dan.