Re: [PATCH] Add a /proc/self/exedir link

Neil Brown <[email protected]> writes:

> On Thursday April 6, [email protected] wrote:
>> > > I have concerns about security policy ...
>> >
>> > I'm not sure I understand. Only if you run that program, and if you
>> > don't have access to the intermediate directory, how do you run it?
>> 
>> It leaks information about the parts of the pathname below the
>> directory that you otherwise would not be able to see.  E.g. if
>> I have $HOME/top-secret-projects/secret-code-name1/binary
>> where the top-secret-projects directory isn't readable by you,
>> then you may find out secret-code-name1 by reading the
>> /proc/{pid}/exedir symlink.
>
> But we already have /proc/{pid}/exe which is a symlink to the
> executable, thus exposing all the directory names already.

Neither of which should be readable by anyone but the owner of the
process, which is the one who was able to read the secret directory in the
first place.

Andreas.

-- 
Andreas Schwab, SuSE Labs, [email protected]
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."
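
Added example, not part of the original message or of the patch under discussion: a small C audit that walks /proc and reports every process owned by another uid whose exe symlink the calling user can still resolve with readlink(2). The helper names are hypothetical, and treating the owner of the /proc/<pid> directory as the owner of the process is an assumption of this sketch.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve /proc/<pid>/exe into buf. Returns 0 on success, otherwise the
 * errno from readlink(2), e.g. EACCES when the kernel refuses the caller. */
int read_exe_link(pid_t pid, char *buf, size_t len)
{
    char path[64];
    if (len == 0)
        return EINVAL;
    snprintf(path, sizeof path, "/proc/%ld/exe", (long)pid);
    ssize_t n = readlink(path, buf, len - 1);
    if (n < 0)
        return errno;
    buf[n] = '\0';
    return 0;
}

/* Count processes owned by a different uid whose exe link resolves for
 * the caller. Assumption: the /proc/<pid> directory owner is the process
 * owner. Returns -1 if /proc cannot be opened. */
int count_foreign_readable(void)
{
    DIR *d = opendir("/proc");
    struct dirent *e;
    int found = 0;
    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char *end, dir[64], target[4096];
        struct stat st;
        long pid = strtol(e->d_name, &end, 10);
        if (*end != '\0' || pid <= 0)
            continue;                      /* not a pid directory */
        snprintf(dir, sizeof dir, "/proc/%ld", pid);
        if (stat(dir, &st) != 0 || st.st_uid == geteuid())
            continue;                      /* gone, or one of our own */
        if (read_exe_link((pid_t)pid, target, sizeof target) == 0) {
            printf("pid %ld uid %u exe -> %s\n", pid, (unsigned)st.st_uid, target);
            found++;
        }
    }
    closedir(d);
    return found;
}

int main(void) { printf("foreign exe links readable: %d\n", count_foreign_readable()); return 0; }
```

Run as an unprivileged user, any non-zero count means path components of another user's executable are visible to that account; run as root, most links are expected to resolve.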