Personally, I think the chap needs ceiling replastered. Too many scratches from the nose being ploughed through it at high velocity. As I said, I did not have the resources to test if he is right or wrong yesterday. Brgds, -- Understanding is a three-edged sword: your side, their side, and the truth. --Kosh Naranek A. R. Ivanov E-mail: aivanov@sigsegv.cx WWW: http://www.sigsegv.cx/ pub 1024D/DDE5E715 2002-03-03 Anton R. Ivanov <arivanov@sigsegv.cx> Fingerprint: C824 CBD7 EE4B D7F8 5331 89D5 FCDA 572E DDE5 E715
--- Begin Message ---
- To: Anton Ivanov <anton.ivanov@kot-begemot.co.uk>
- Cc: Matthew Bergin <matt.bergin@hotmail.com>, bugtraq@securityfocus.com
- Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
- From: Dan Yefimov <dan@lightwave.net.ru>
- Date: Sat, 24 Oct 2009 22:36:11 +0400
- Message-id: <4AE3491B.7050700@lightwave.net.ru>
- In-reply-to: <1256407535.26434.7.camel@mare-infinitum.sigsegv.cx>
- References: <20091023171635.GA25235@elf.ucw.cz> <SNT105-W4479911A1CE3200F41D4D5F8BD0@phx.gbl> <4AE21C53.9040702@lightwave.net.ru> <1256366871.11616.12.camel@magrat.sigsegv.cx> <4AE32924.50103@lightwave.net.ru> <1256403548.24148.10.camel@mare-infinitum.sigsegv.cx> <4AE33BE4.2010404@lightwave.net.ru> <1256407535.26434.7.camel@mare-infinitum.sigsegv.cx>
On 24.10.2009 22:05, Anton Ivanov wrote:Thus Debian kernel team should be blamed for that misbehaviour. Don't worry, hardlinks behave just the same way, as you describe. Use authentic Linux kernels, if you dislike that.It works on Debian 2.6.26 out of the box. It is not an obscure patched kernel case I am afraid. If you redir an FD to a file using thus redir-ed FD in /proc allows you to bypass directory permissions for where the file is located. Thankfully, file permissions still apply so you need an app which has silly file perms in a bolted down directory for this. Symlinking the same file to a link on a normal ext3 or nfs filesystem as a sanity check shows correct permission behaviour. If you try to write to that symlink you get permission denied so the permissions on the fs actually work. No need to be root, nothing. It is not a case of "forget to drop EID or something else like that either". It looks like what it says on the tin - permission bypass. Not that I would have expected anything different considering who posted it in the first place.-- Sincerely Your, Dan.
--- End Message ---