[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /proc filesystem allows bypassing directory permissions on Linux

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
From: Ansgar Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
Date: Mon, 26 Oct 2009 19:37:38 +0100

On 2009-10-24 Derek Martin wrote:
> 1. It circumvents the fact that to write to a file, you MUST be able
> to write to its directory, so that the file attributes can be updated.

Wrong, because the file's attributes aren't stored in the directory, but
in the respective inode.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Follow-Ups:
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Derek Martin

References:
- /proc filesystem allows bypassing directory permissions on Linux
  - From: Pavel Machek
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Dan Yefimov
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Derek Martin

Prev by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Previous by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Index(es):
- Date
- Thread