On Sat 2009-10-24 01:24:49, Dan Yefimov wrote: > On 24.10.2009 1:08, Pavel Machek wrote: > >>That can hardly be called a real security hole, since the behaviour > >>described above is expected, and is as it was conceived by design. > >>If the file owner in fact allows writing to it, why should Linux > >>prevent that from happening? > > > >No, I do not think this is expected. You could not write to that file > >under traditional unix, and you can not write into that file when > >/proc is unmounted. > > > >I do not think mounting /proc should change access control semantics. > > > It didn't in fact change anything. If the guest created hardlink to > that file in a unrestricted location, what would you say? Procfs is > in that respect just another sort of hardlinks, whether you like > that or not. If you didn't in fact restrict an access to the file, > you're on your own. Now... go back to my original email: %pavel@toy:/tmp/my_priv$ chmod 700 . %# relax file permissions, directory is private, so this is safe %# check link count on unwritable_file. We would not want someone %# to have a hard link to work around our permissions, would we? %pavel@toy:/tmp/my_priv$ chmod 666 unwritable_file Yes, you are right, open file descriptor acts as a kind of hardlink here. Except that a) this kind of hardlink does not exist when /proc is mounted (and on non-Linux) b) unlike other hardlinks, you can't see it on the link count (and c) writing to file descriptor opened read-only is bad). > >Plus, you may run traditional unix/POSIX application, expecting > >directory access controls to prevent the write. (Or can you see a way > >to write to that file when /proc is unmounted?) > > > Directory permissions control an access just to the directory > itself, not to the files in it, so your pretensions are in fact > illegitimate. Demonstrate how to get access to the file with /proc unmounted and you have a point. Demonstrate how to get access on anything else then Linux and you have a point. Otherwise there's a security hole. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
