Bug#257504: User can chown/chmod files in /proc

To: submit@bugs.debian.org
Subject: Bug#257504: User can chown/chmod files in /proc
From: "Joerg Hoh" <joerg@devone.org>
Date: Sat, 3 Jul 2004 23:50:47 +0200
Message-id: <[🔎] 20040703215047.GA8244@hydra.joerghoh.de>
Reply-to: "Joerg Hoh" <joerg@devone.org>, 257504@bugs.debian.org

Package: kernel-source-2.6.7
Version: 2.6.7

A user with a local account can change the owner and the permissions of
files in /proc. Affected is at least kernel 2.6.7, but possibly all 2.6.x
kernels.

hydra proc $ cd /proc
hydra proc $ ls -la config.gz 
-r--r--r--  1 root root 6354  3. Jul 23:25 config.gz
hydra proc $ chown joerg config.gz 
hydra proc $ ls -la config.gz 
-r--r--r--  1 joerg root 6354  3. Jul 23:25 config.gz
hydra proc $ chown root config.gz 
hydra proc $ ls -la config.gz 
-r--r--r--  1 root root 6354  3. Jul 23:26 config.gz
hydra proc $ chmod o+x config.gz 
hydra proc $ ls -la config.gz 
-r--r--r-x  1 root root 6354  3. Jul 23:46 config.gz
hydra proc $

SuSE mentioned this bug in
http://article.gmane.org/gmane.comp.security.bugtraq/12316, so there should
be a patch around. 

Jörg

-- 
Fachbegriffe der Informatik (Nr 369): Ursache
- Ursächlich war, dass Windows nicht neu gestartet wurde. 
	Michael Scheer

Reply to:

Follow-Ups:
- Bug#257504: marked as done (User can chown/chmod files in /proc)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: status of 2.6.7 ? (Was Re: Bug#256763: kernel-image-2.6.6-i386: not ready for sarge just yet)
Next by Date: Bug#257469: kernel-source-2.6.7: Unable to build kernel_image
Previous by thread: Bug#257469: kernel-source-2.6.7: Unable to build kernel_image
Next by thread: Bug#257504: marked as done (User can chown/chmod files in /proc)
Index(es):
- Date
- Thread