Am Samstag, den 24.10.2009, 01:12 +0400 schrieb Dan Yefimov: > On 24.10.2009 0:35, Matthew Bergin wrote: > > doesnt look like the original owner is trying to write to it. Shows it > > cant, it had guest write to it via the proc folders bad permissions. > > Looks legitimate > > > Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an attacker? > No, that was the owner of 'unwritable_file', nobody else. What the 0666 file > mode means? It means, that everybody can write to the file, can't he? So why do > you believe that pretension legitimate? Well, at first I would say this might definitely somewhat unexpected. It's correct otoh, that you shouldn't be too lax with files when you think you "secured" them somewhere in the path... But if you think of /proc/x/fd as *hard* links to the files, then the behavior would not be surprising, which might help... (You might have this as a "real world scenario" if you have some brain dead application which you try to secure in this way...) Klaus -- ------------------------------------------------------------------------ Klaus Lichtenwalder, Dipl. Inform., http://lklaus.homelinux.org/Klaus/ PGP Key fingerprint: A5C0 F73A 2C83 96EE 766B 9C62 DB6D 1258 0E9B B6D1
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
