| |||||||||||||
/proc and directory permissions/proc and directory permissionsPosted Oct 30, 2009 0:33 UTC (Fri) by giraffedata (subscriber, #1954)In reply to: /proc and directory permissions by jimparis Parent article: /proc and directory permissions There's something missing from the explanation of why this is a problem, because the basic idea that you can open a file before permissions to it are supposedly revoked and then keep using the file doesn't require any /proc/PID/fd magic. The scenarios show an attacker opening read-only and then escalating to read-write after some permissions were changed, but the attacker could just as easily have opened read-write in the first place. Are we supposed to imagine some scenario in which the system administrator ensures only read-only opens have happened at the time he changes the directory permission and thus assumes the file is safe from writing?
(Log in to post comments)
/proc and directory permissions Posted Oct 30, 2009 3:26 UTC (Fri) by jimparis (subscriber, #38647) [Link]
> The scenarios show an attacker opening read-only and then escalating to
> read-write after some permissions were changed
No it didn't. No permissions were changed between the time the attacker had a read-only fd and when the attacker managed to get a read-write fd.
- The attacker could not open the file (neither read-only nor read-write)
No permissions changes were involved, this is not a race condition.
|
|||||||||||||