Re: /proc filesystem allows bypassing directory permissions on Linux
- From: Dan Yefimov <dan@xxxxxxxxxxxxxxxx>
- Date: Tue, 27 Oct 2009 00:29:09 +0300
On 26.10.2009 18:14, nomail@xxxxxxxxxx wrote:
>> a unrestricted location, what would you say?I do not think mounting /proc should change access control semantics.It didn't in fact change anything. If the guest created hardlink to that file in
> newpath) call will fail with EACCES if search permission is denied for any
Do your homework and test it. You can't create the hardlink - the link(oldpath,
> directory in oldpath or newpath. Documented in the manpage, and I just tested
> and verified it.
Good boy. However, there wasn't worth both citing well known facts to me and testing them. Remember the scenario from the original mail and try finding a window, during which creating a hardlink would still work thus evading directory permissions check.
--
Sincerely Your, Dan.
- Follow-Ups:
- References:
- Prev by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
- Next by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
- Previous by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
- Next by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
- Index(es):
Relevant Pages
|
