Re: symlinks with permissions

From: Pavel Machek
Date: Wed Oct 28 2009 - 17:06:37 EST

Next message: David Rientjes: "Re: [patch] x86: reduce srat verbosity in the kernel log"
Previous message: Maciej W. Rozycki: "Re: is avoiding compat ioctls possible?"
In reply to: Jamie Lokier: "Re: symlinks with permissions"
Next in thread: David Wagner: "Re: symlinks with permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Please see bugtraq discussion at
> > http://seclists.org/bugtraq/2009/Oct/179 .
> >
> > (In short, you get read-only fd, and you can upgrade it to read-write
> > fd. Yes, you are the owner of the process, but you are not owner of
> > the file the fd refers to.)
> >
> > The actual permissions of the file are not ignored, but permissions of
> > the containing directory _are_. If there's 666 file in 700 directory,
> > you can reopen it read-write, in violation of directory's 700
> > permissions.

>
> There is no security violation here. Consider the case where

You are able to write to my files, when unix permissions forbid
that. How do you call that? Strange behaviour of /proc/*/fd/ symlink
that is not really a symlink allows that.

See bugtraq discussion at http://seclists.org/bugtraq/2009/Oct/179 .
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Rientjes: "Re: [patch] x86: reduce srat verbosity in the kernel log"
Previous message: Maciej W. Rozycki: "Re: is avoiding compat ioctls possible?"
In reply to: Jamie Lokier: "Re: symlinks with permissions"
Next in thread: David Wagner: "Re: symlinks with permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]