From: Andreas Schwab <schwab@suse.de>
To: Neil Brown <neilb@suse.de>
Cc: "Tony Luck" <tony.luck@gmail.com>, "Mike Hearn" <mike@plan99.net>,
"Eric W. Biederman" <ebiederm@xmission.com>,
linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH] Add a /proc/self/exedir link
Date: Fri, 07 Apr 2006 11:15:33 +0200
Message-ID: <jeirplrbka.fsf@sykes.suse.de>
In-Reply-To: <17462.6689.821815.412458@cse.unsw.edu.au> (Neil Brown's message of "Fri, 7 Apr 2006 17:52:01 +1000")
Neil Brown <neilb@suse.de> writes:
> On Thursday April 6, tony.luck@gmail.com wrote:
>> > > I have concerns about security policy ...
>> >
>> > I'm not sure I understand. Only if you run that program, and if you
>> > don't have access to the intermediate directory, how do you run it?
>>
>> It leaks information about the parts of the pathname below the
>> directory that you otherwise would not be able to see. E.g. if
>> I have $HOME/top-secret-projects/secret-code-name1/binary
>> where the top-secret-projects directory isn't readable by you,
>> then you may find out secret-code-name1 by reading the
>> /proc/{pid}/exedir symlink.
>
> But we already have /proc/{pid}/exe which is a symlink to the
> executable, thus exposing all the directory names already.
Neither of which should be readable by anyone but the owner of the
process, which is the one who was able to read the secret directory in the
first place.
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
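The property the reply relies on, that /proc/{pid}/exe resolves only for the owner of the process (or a caller allowed to ptrace it), can be verified from user space rather than taken on faith. The script below is an added example and is not code from this thread or from the kernel patch under discussion. It assumes a Linux host with procfs mounted and current readlink semantics: EACCES for processes the caller may not ptrace, ENOENT for kernel threads or processes that have exited. `probe_exe_link` and `audit_exe_links` are names chosen here.

```python
import os
from collections import Counter


def probe_exe_link(pid):
    """Try to resolve /proc/<pid>/exe and classify the outcome.

    Returns a (status, target) tuple:
      ("ok", "/path/to/binary")  readlink succeeded (caller passed the
                                 kernel's ptrace access check)
      ("denied", None)           EACCES: another user's process, or a
                                 non-dumpable process
      ("absent", None)           ENOENT: kernel thread, exited process,
                                 or no procfs at all
      ("error", "<strerror>")    anything else (reported, not raised)
    """
    path = "/proc/%d/exe" % pid
    try:
        return ("ok", os.readlink(path))
    except PermissionError:
        return ("denied", None)
    except FileNotFoundError:
        return ("absent", None)
    except OSError as e:
        return ("error", e.strerror)


def list_pids():
    """All numeric entries under /proc; empty if procfs is not mounted."""
    try:
        names = os.listdir("/proc")
    except FileNotFoundError:
        return []
    return sorted(int(n) for n in names if n.isdigit())


def audit_exe_links():
    """Count how many processes on this host expose their exe link to us.

    Run as an unprivileged user, "ok" should cover only that user's own
    (dumpable) processes; "denied" is the kernel withholding the path of
    everyone else's, which is exactly the leak the thread worries about
    being closed off.  Run as root (CAP_SYS_PTRACE) nearly everything
    is "ok", so a root-owned scanner does not demonstrate the property.
    """
    counts = Counter()
    for pid in list_pids():
        counts[probe_exe_link(pid)[0]] += 1
    return counts


if __name__ == "__main__":
    status, target = probe_exe_link(os.getpid())
    print("own process: %s %s" % (status, target or ""))
    for status, n in sorted(audit_exe_links().items()):
        print("%-7s %d" % (status, n))
```

The same ptrace-style access check that produces "denied" also applies to /proc/{pid}/cwd and /proc/{pid}/root, so the audit can be pointed at those links to compare; a setuid or otherwise non-dumpable process hides its link even from its own uid, which is why a scan run from a normal shell is the meaningful one.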
Thread overview (18+ messages):
2006-04-03 23:01 [PATCH] Add a /proc/self/exedir link Mike Hearn
2006-04-03 23:26 ` Joshua Hudson
2006-04-03 23:30 ` Neil Brown
2006-04-04 15:54 ` Jan Engelhardt
2006-04-04 21:24 ` Nix
2006-04-05 20:39 ` Eric W. Biederman
2006-04-05 21:52 ` Mike Hearn
2006-04-06 23:33 ` Tony Luck
2006-04-07 7:52 ` Neil Brown
2006-04-07 9:15 ` Andreas Schwab [this message]
2006-04-07 19:10 ` Eric W. Biederman
2006-04-08 8:26 ` Jan Engelhardt
[not found] <5XGlt-GY-23@gated-at.bofh.it>
[not found] ` <5XGOz-1eP-35@gated-at.bofh.it>
2006-04-06 11:39 ` Bodo Eggert
2006-04-06 13:21 ` Mike Hearn
2006-04-06 17:02 ` Bodo Eggert
2006-04-06 19:36 ` Mike Hearn
2006-04-07 18:40 ` Eric W. Biederman
2006-04-07 19:22 ` Mike Hearn