From: Joakim Tjernlund
To: Richard Weinberger
Cc: LKML, Andreas Schwab
Subject: Re: ls -l /proc/1/exe -> Permission denied
Date: Sun, 20 Jul 2014 13:19:58 +0200

Richard Weinberger wrote on 2014/07/20 13:06:30:
>
> On Sun, Jul 20, 2014 at 12:55 PM, Andreas Schwab wrote:
> > Joakim Tjernlund writes:
> >
> >> Andreas Schwab wrote on 2014/07/19 22:21:59:
> >>>
> >>> Joakim Tjernlund writes:
> >>>
> >>> > Trying to read /proc//exe I noticed I could not read links not
> >>> > belonging to my user such as:
> >>> > jocke > ls -l /proc/1/exe
> >>> > ls: cannot read symbolic link /proc/1/exe: Permission denied
> >>> >
> >>> > Is this expected?
> >>>
> >>> Yes. This information is considered private.
> >>
> >> I don't understand why though.
> >
> > It would allow bypassing access restrictions.
>
> Do you have an example?
> I'm asking because an attacker could make any symlink as he wants to.
> A ln -s /etc/shadow lala still does not give me access to shadow...

Precisely, I just want to see what it is pointing to.
Also, the link's privs are inconsistent with current behaviour:
lrwxrwxrwx 1 root root 0 Jul 15 19:03 exe

 Jocke
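
The behaviour discussed in this thread can be reproduced with the following added example, which is not part of the original message: it compares the mode bits that lstat() reports for /proc/<pid>/exe with what readlink() actually returns, for the calling process, PID 1, and every PID visible in /proc. The function names probe_exe_link and survey are hypothetical, and the results depend on which user runs it.

```python
import errno
import os
import stat
from collections import Counter


def probe_exe_link(pid):
    """Return (mode, target, error) for /proc/<pid>/exe.

    mode   -- mode string from lstat(), e.g. 'lrwxrwxrwx', or None
    target -- readlink() result, or None if the kernel refused
    error  -- errno name such as 'EACCES', or None on success
    """
    path = f"/proc/{pid}/exe"
    try:
        mode = stat.filemode(os.lstat(path).st_mode)
    except OSError as e:
        return None, None, errno.errorcode.get(e.errno, str(e.errno))
    try:
        # readlink() is authorised by a separate kernel check on the target
        # process, not by the mode bits lstat() just reported.
        return mode, os.readlink(path), None
    except OSError as e:
        return mode, None, errno.errorcode.get(e.errno, str(e.errno))


def survey():
    """Count readlink outcomes over every PID currently visible in /proc."""
    outcomes = Counter()
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            mode, target, error = probe_exe_link(entry)
            outcomes[(mode, error or "ok")] += 1
    return outcomes


if __name__ == "__main__":
    print("self :", probe_exe_link("self"))
    print("pid 1:", probe_exe_link(1))
    for (mode, result), count in sorted(survey().items(), key=str):
        print(f"{count:5d}  mode={mode}  readlink={result}")
```

Run as an unprivileged user, the survey separates processes whose link is readable from those where the same lrwxrwxrwx mode is paired with a refused readlink().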