Re: /proc filesystem allows bypassing directory permissions on Linux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: /proc filesystem allows bypassing directory permissions on Linux
From: Matthew Dempsky <matthew@xxxxxxxxxxx>
Date: Mon, 26 Oct 2009 15:48:22 -0700
Cc: pavel@xxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <E1N2S0i-0005MZ-00@xxxxxxxxxxxxxxxxxxxxxx>

On Mon, Oct 26, 2009 at 9:01 AM, Tony Finch <dot@xxxxxxxx> wrote:
> Attacker uses openat() to open and modify the "private" file.

At least with Linux 2.6.18, you still need +x permission on the
directory to access its contents using openat(2).

Follow-Ups:
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Tony Finch

References:
- /proc filesystem allows bypassing directory permissions on Linux
  - From: Pavel Machek
- Re: /proc filesystem allows bypassing directory permissions on Linux
  - From: Tony Finch

Prev by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Previous by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by thread: Re: /proc filesystem allows bypassing directory permissions on Linux
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux