Am 20.07.2014 21:15, schrieb Joakim Tjernlund: > Richard Weinberger <[email protected]> wrote on 2014/07/20 14:05:41: >> >> Am 20.07.2014 13:51, schrieb Andreas Schwab: >>> Richard Weinberger <[email protected]> writes: >>>> Do you have an example? >>> >>> proc symlinks are special because they actually resolve to the inode. >> >> Ah. If an attacker manages the kernel to follow the symlink he could >> indirectly access that file. >> Thanks for pointing this out! > > That is a big if, I read this as you don't trust the kernels impl. > of proc sym links so paper over this with denying all other to read > trivial > data such as the exe sym link.
Feel free to propose a solution for that. :-) Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
