[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /proc filesystem allows bypassing directory permissions on Linux

To: Tony Finch <dot@xxxxxxxx>
Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
From: Matthew Dempsky <matthew@xxxxxxxxxxx>
Date: Mon, 26 Oct 2009 15:48:22 -0700

On Mon, Oct 26, 2009 at 9:01 AM, Tony Finch <dot@xxxxxxxx> wrote:
> Attacker uses openat() to open and modify the "private" file.

At least with Linux 2.6.18, you still need +x permission on the
directory to access its contents using openat(2).

Follow-Ups:
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Tony Finch

References:
- /proc filesystem allows bypassing directory permissions on Linux
  - From: Pavel Machek
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Tony Finch

Prev by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Previous by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Index(es):
- Date
- Thread