Re: [PATCH] Add a /proc/self/exedir link

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andreas Schwab <[email protected]> writes:

> Neil Brown <[email protected]> writes:
>
>> On Thursday April 6, [email protected] wrote:
>>> > > I have concerns about security policy ...
>>> >
>>> > I'm not sure I understand. Only if you run that program, and if you
>>> > don't have access to the intermediate directory, how do you run it?
>>> 
>>> It leaks information about the parts of the pathname below the
>>> directory that you otherwise would not be able to see.  E.g. if
>>> I have $HOME/top-secret-projects/secret-code-name1/binary
>>> where the top-secret-projects directory isn't readable by you,
>>> then you may find out secret-code-name1 by reading the
>>> /proc/{pid}/exedir symlink.
>>
>> But we already have /proc/{pid}/exe which is a symlink to the
>> executable, thus exposing all the directory names already.
>
> Neither of which should be readable by anyone but the owner of the
> process, which is the one who was able to read the secret directory in the
> first place.

In most cases.  It is possible you got the executable through
file descriptor passing and the like.

The security check in -mm allows anyone who may ptrace the
process to have read access.  In 2.6.17-rc1 the check is
still the owner of the process and anyone with CAP_DAC_ACCESS
may read or use the link.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux