Richard Weinberger <[email protected]> wrote on 2014/07/20 22:00:02: > > Am 20.07.2014 21:15, schrieb Joakim Tjernlund: > > Richard Weinberger <[email protected]> wrote on 2014/07/20 14:05:41: > >> > >> Am 20.07.2014 13:51, schrieb Andreas Schwab: > >>> Richard Weinberger <[email protected]> writes: > >>>> Do you have an example? > >>> > >>> proc symlinks are special because they actually resolve to the inode. > >> > >> Ah. If an attacker manages the kernel to follow the symlink he could > >> indirectly access that file. > >> Thanks for pointing this out! > > > > That is a big if, I read this as you don't trust the kernels impl. > > of proc sym links so paper over this with denying all other to read > > trivial > > data such as the exe sym link. > > Feel free to propose a solution for that. :-)
I wish I had one :) Good to know why things are how they are though. I guess there is a reason why proc symlinks resolve to the inode? Jocke -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
