Date: Sat, 15 Jun 2002 15:18:49 +0200 (CEST)
From: Serge van den Boom <svdb@stack.nl>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/39329: '..' at mountpoint is subject to the permissions of the shadowed dir
Message-ID: <20020615131849.BABED63@inferno.stuiver.net>
>Number:         39329
>Category:       kern
>Synopsis:       '..' at mountpoint is subject to the permissions of the shadowed dir
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 15 06:40:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Serge van den Boom
>Release:        FreeBSD 4.5-RELEASE i386
>Organization:
Eindhoven University of Technology
>Environment:
System: FreeBSD inferno.stuiver.net 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Sun Mar 17 04:23:07 CET 2002 svdb@inferno.stuiver.net:/usr/src/sys/compile/INFERNO i386
>Description:
If you have a dir which is not readable by someone, and you mount a
filesystem at that location, the permissions the new filesystem gives to
the dir will be the ones used. Only when you try to access '..', which
appears to be generated by the kernel to point to the parent dir of the
mount location, the permissions of the original dir will be used to
determine if you're allowed to.
>How-To-Repeat:
	# mkdir /mnt/tmp
	# chown root:wheel /mnt/tmp
	# chmod 700 /mnt/tmp
	# mount somefs /mnt/tmp
	# chmod 755 /mnt/tmp
	# ls -lad /mnt/tmp/.*
	drwxr-xr-x 4 root wheel 512 Jun 15 15:20 /mnt/tmp/.
	drwxr-xr-x 6 root wheel 512 Jun 15 15:20 /mnt/tmp/..
	$ ls -lad /mnt/tmp/.*
	ls: /mnt/tmp/..: Permission denied
	drwxr-xr-x 4 root wheel 512 Jun 15 15:20 /mnt/tmp/.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
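A check for the symptom reported above, added here as an example and not part of the original report: run as the affected unprivileged user, it flags directories where '.' resolves but '..' is refused, which is what the How-To-Repeat transcript shows. The function names and status strings are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original report). Run as the unprivileged
# user who sees the problem; root bypasses the permission check.

# check_dotdot DIR
# Prints one status word (names chosen for this example):
#   ok              '.' and '..' both resolve
#   shadowed-perms  '.' resolves but '..' is refused (the reported symptom)
#   no-access       DIR itself cannot be searched by this user
#   not-a-dir       DIR is missing, unreachable, or not a directory
check_dotdot() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not-a-dir"
        return 0
    fi
    # '.' is answered by the root of the filesystem mounted on DIR.
    if ! ls -d "$dir/." >/dev/null 2>&1; then
        echo "no-access"
        return 0
    fi
    # '..' crosses the mount point; per the report, the covered
    # directory's mode decides whether this lookup is allowed.
    if ls -d "$dir/.." >/dev/null 2>&1; then
        echo "ok"
    else
        echo "shadowed-perms"
    fi
}

# scan_mountpoints: read one mount point path per line on stdin and print
# those that show the symptom for the current user.
scan_mountpoints() {
    while IFS= read -r mp; do
        if [ "$(check_dotdot "$mp")" = "shadowed-perms" ]; then
            printf '%s\n' "$mp"
        fi
    done
    return 0
}

# Stand-alone use: ./check.sh /mnt/tmp /usr/home ...
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        printf '%s: %s\n' "$d" "$(check_dotdot "$d")"
    done
fi
```

To cover every mounted filesystem, feed `scan_mountpoints` the mount point column of `mount` output, one path per line.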