Date:      Sun, 07 Nov 1999 02:25:55 +0900
From:      "Daniel C. Sobral" <dcs@newsguy.com>
To:        David Malone <dwmalone@maths.tcd.ie>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Procfs' pointers to files.
Message-ID:  <382464A3.F8A3ADA7@newsguy.com>
References:  <199910291530.aa28972@salmon.maths.tcd.ie>

David Malone wrote:
> 
> However, procfs currently allows people to do this with an executable's
> file. You can make hard links to and run /proc/nnn/file as it is
> essentially another hard link to the executable file. This could
> be a problem if you have suid executables protected by nonexecutable
> directories, as people can steal copies of the file while it is
> running.
> 
> Is this a real problem, or is it a "well don't protect suid
> executables that way" problem? The permissions used in Linux's
> /proc seem to be more conservative and seem to prevent this.

Err... I don't see the problem. The permissions of the hardlink will
be different, so the user might be able to see the "code", but won't
be able to run the suid (because the hardlink won't have the suid
bit set).

As for not seeing the code, "security by obscurity..."

--
Daniel C. Sobral			(8-DCS)
dcs@newsguy.com
dcs@freebsd.org

	What y'all wanna do?
	Wanna be hackers? Code crackers? Slackers
	Wastin' time with all the chatroom yakkers?
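
An added example, not part of the original message or of FreeBSD's code: on POSIX filesystems the mode bits, set-uid included, are stored in the inode, so this audit lists set-uid/set-gid regular files whose inode has more than one hard link. The function names, the temporary directory layout and the sample file are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict

SPECIAL = stat.S_ISUID | stat.S_ISGID


def find_multilinked_setid(root):
    """Return {(dev, ino): [paths]} for set-id regular files under root
    whose inode has more than one hard link."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # unreadable or vanished entry
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL and st.st_nlink > 1:
                hits[(st.st_dev, st.st_ino)].append(path)
    return {k: sorted(v) for k, v in hits.items()}


def demo():
    """Constructed sample: a set-uid file in a 0700 directory plus a second
    hard link outside it. Returns (mode_original, mode_link, audit_hits)."""
    with tempfile.TemporaryDirectory() as top:
        private = os.path.join(top, "private")
        os.mkdir(private, 0o700)
        original = os.path.join(private, "tool")
        with open(original, "wb") as fh:
            fh.write(b"#!/bin/sh\nexit 0\n")
        os.chmod(original, 0o4755)  # set-uid to the current user only
        link = os.path.join(top, "copy")
        os.link(original, link)
        modes = (stat.S_IMODE(os.lstat(original).st_mode),
                 stat.S_IMODE(os.lstat(link).st_mode))
        hits = find_multilinked_setid(top)
        return modes[0], modes[1], [
            [os.path.relpath(p, top) for p in paths] for paths in hits.values()]


if __name__ == "__main__":
    print(demo())
```

A reported inode with fewer paths listed than its link count has further links outside the scanned tree.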


