From: Daniel Jacobowitz <dan@debian.org>
To: linux-kernel@vger.kernel.org
Cc: jw schultz <jw@pegasys.ws>
Subject: Re: Why are exe, cwd, and root priviledged bits of information?
Date: Thu, 7 Nov 2002 17:28:54 -0500 [thread overview]
Message-ID: <20021107222854.GA31412@nevyn.them.org> (raw)
In-Reply-To: <20021107221615.GA2249@pegasys.ws>
On Thu, Nov 07, 2002 at 02:16:15PM -0800, jw schultz wrote:
> On Thu, Nov 07, 2002 at 11:05:21AM -0500, Daniel Jacobowitz wrote:
> > On Thu, Nov 07, 2002 at 10:57:06AM -0500, Calin A. Culianu wrote:
> > >
> > > In the /prod/PID subset of procfs, why are the exe, cwd, and root symlinks
> > > considered priviledged information?
> > >
> > > Exe is the big one for me, as this one can be usually infered from reading
> > > /prod/PID/maps. Root I guess can't be inferred in any unpriviledged way,
> > > and neither can cwd. At any rate.. I am not sure behind the philosophy to
> > > make these symlinks' destinations priviledged... can someone clarify
> > > this?
> >
> > This came up a little while ago. The answer is that maps should be
> > priviledged also.
> >
> > For instance:
> > You can protect a directory by giving its parent directory no read
> > permissions. The name of the directory is now secret. You don't want
> > to reveal it in cwd.
> >
>
> Daniel is correct in that the issue came up recently. He
> gives _his_ answer above. If you believe in security
> through obscurity you will agree with him. I don't.
> I will agree that there should be no real reason to need
> access to this information.
>
> With ACLs you will be able to explicitly grant access and
> you won't have to depend on keeping shared info secret.
> Then this will be less of an issue.
I recommend you go think about what security through obscurity actually
_means_. If you think that an unreadable directory and a
randomly-generated subdirectory is security through obscurity, then in
what way is it actually different from a _password_? That's what it
is.
Yes, this is poor-man's-ACLs. It works in a lot of places when ACLs
won't. For instance, an anonymous FTP server...
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer
next prev parent reply other threads:[~2002-11-07 22:21 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-07 15:57 Why are exe, cwd, and root priviledged bits of information? Calin A. Culianu
2002-11-07 16:05 ` Daniel Jacobowitz
2002-11-07 22:16 ` jw schultz
2002-11-07 22:28 ` Daniel Jacobowitz [this message]
2002-11-07 22:41 ` Jesse Pollard
2002-11-08 1:55 ` jw schultz
2002-11-08 6:28 ` Rob Landley
2002-11-07 22:44 ` David Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021107222854.GA31412@nevyn.them.org \
--to=dan@debian.org \
--cc=jw@pegasys.ws \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.