[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /proc filesystem allows bypassing directory permissions on Linux

To: nomail@xxxxxxxxxx
Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
From: Dan Yefimov <dan@xxxxxxxxxxxxxxxx>
Date: Tue, 27 Oct 2009 00:29:09 +0300

On 26.10.2009 18:14, nomail@xxxxxxxxxx wrote:

I do not think mounting /proc should change access control semantics.

It didn't in fact change anything. If the guest created hardlink to that file in

>> a unrestricted location, what would you say?


Do your homework and test it. You can't create the hardlink - the link(oldpath,

> newpath) call will fail with EACCES if search permission is denied for any
> directory in oldpath or newpath. Documented in the manpage, and I just tested
> and verified it.

Good boy. However, there wasn't worth both citing well known facts to me andtesting them. Remember the scenario from the original mail and try finding awindow, during which creating a hardlink would still work thus evading directorypermissions check.

--

Sincerely Your, Dan.

Follow-Ups:
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: CaT

References:
- Re: Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: nomail

Prev by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Previous by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Index(es):
- Date
- Thread