On Tue, Sep 06, 2005 at 08:50:41PM +0200, Frank van Maarseveen wrote:
> On Tue, Sep 06, 2005 at 06:57:37PM +0100, [email protected] wrote:
> > On Tue, Sep 06, 2005 at 07:53:49PM +0200, Frank van Maarseveen wrote:
> > > While I have access to /proc/<pid>, readlink fails with EACCES on
> > >
> > > /proc/<pid>/exe
> > > /proc/<pid>/cwd
> > > /proc/<pid>/root
> > >
> > > even when I own <pid> though it runs with a different effective/saved/fs
> > > uid such as the X server. This is a bit uncomfortable and doesn't
> > > seem right.
> > >
> > > Or is this to make /proc mounting inside a chroot jail safe?
> >
> > suid-root task does chdir() to place you shouldn't be able to access.
> > You do cd /proc/<pid>/cwd and get there anyway. Bad Things Happen...
>
> Ok, but being able to do readlink() does not mean that one can chdir(),
> usually.
follow_link on these guys does _not_ traverse parent directories. So chdir()
checks are more relaxed that way. Even if we made checks on readlink work
differently, we would still get an information leak - e.g. if task had
created a directory with pathname derived from sensitive data and did chdir
there. Being able to kill a task != being able to see pieces of its state...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|