Re: [PATCH] Add a /proc/self/exedir link

[Eric W. Biederman]

Andreas Schwab <schwab@xxxxxxx> writes:

> Neil Brown <neilb@xxxxxxx> writes:
>
>> On Thursday April 6, tony.luck@xxxxxxxxx wrote:
>>> > > I have concerns about security policy ...
>>> >
>>> > I'm not sure I understand. Only if you run that program, and if you
>>> > don't have access to the intermediate directory, how do you run it?
>>> 
>>> It leaks information about the parts of the pathname below the
>>> directory that you otherwise would not be able to see.  E.g. if
>>> I have $HOME/top-secret-projects/secret-code-name1/binary
>>> where the top-secret-projects directory isn't readable by you,
>>> then you may find out secret-code-name1 by reading the
>>> /proc/{pid}/exedir symlink.
>>
>> But we already have /proc/{pid}/exe which is a symlink to the
>> executable, thus exposing all the directory names already.
>
> Neither of which should be readable by anyone but the owner of the
> process, which is the one who was able to read the secret directory in the
> first place.

In most cases.  It is possible you got the executable through
file descriptor passing and the like.

The security check in -mm allows anyone who may ptrace the
process to have read access.  In 2.6.17-rc1 the check is
still the owner of the process and anyone with CAP_DAC_ACCESS
may read or use the link.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/