[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: /proc filesystem allows bypassing directory permissions on Linux
On 29.10.2009 0:27, Pavel Machek wrote:
Do you still remember about openat()? If the directory was created with 0700
mode from the origin, you would be right, and procfs wouldn't allow opening
files in that directory too, but if you let others to traverse that directory
and open your believed to be secure files from the origin, it's your fault.
That race is easily fixed.
No, you're not right.
After chmodding the directory to 0700, *first*
check the link count, *then* chmod the file to 0666:
User1 creates file with permissions 0644
User2 opens file for read access on file descriptor 4
User1 chmod's directory to 0700
User1 verifies no hard links to file
Here's a window, during which User2 is able to create a hardlink and
that will remain unnoticed by User1. There's no way to perform link
check and conditionally do chmod in an atomic manner.
0700 on directory prevents hardlink creation, see?
Sincerely Your, Dan.