Richard Weinberger <[email protected]> wrote on 2014/07/20 14:05:41: > > Am 20.07.2014 13:51, schrieb Andreas Schwab: > > Richard Weinberger <[email protected]> writes: > >> Do you have an example? > > > > proc symlinks are special because they actually resolve to the inode. > > Ah. If an attacker manages the kernel to follow the symlink he could > indirectly access that file. > Thanks for pointing this out!
That is a big if, I read this as you don't trust the kernels impl. of proc sym links so paper over this with denying all other to read trivial data such as the exe sym link. Jocke -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
