From: Joakim Tjernlund
To: Richard Weinberger
Cc: LKML, Andreas Schwab
Subject: Re: ls -l /proc/1/exe -> Permission denied
Date: Sun, 20 Jul 2014 21:15:29 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Richard Weinberger wrote on 2014/07/20 14:05:41:
>
> On 20.07.2014 13:51, Andreas Schwab wrote:
> > Richard Weinberger writes:
> >> Do you have an example?
> >
> > proc symlinks are special because they actually resolve to the inode.
>
> Ah. If an attacker manages the kernel to follow the symlink he could
> indirectly access that file.
> Thanks for pointing this out!

That is a big if, I read this as you don't trust the kernel's impl. of proc
sym links so paper over this with denying all others to read trivial data such
as the exe sym link.

 Jocke
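
Added illustration, not part of the original message or of any code from the thread: a small shell function showing what "resolve to the inode" means for a proc link. It uses the process's own /proc/self/fd entry, the same kind of proc link as /proc/<pid>/exe; the function name, fd number and file contents are constructed for this example.

```sh
#!/bin/sh
# Constructed example: a proc link is followed to the open file's inode,
# not re-resolved from the path text that readlink prints.

proc_link_demo() (
    # Body runs in a subshell so fd 3 does not leak into the caller.
    tmp=$(mktemp) || exit 1
    printf 'still reachable\n' > "$tmp"

    # Hold the inode open on fd 3, then remove its only name.
    exec 3< "$tmp"
    rm -f "$tmp"

    # The link text is now a stale path with " (deleted)" appended ...
    link_text=$(readlink /proc/self/fd/3)

    # ... yet following the link still reaches the same inode.
    via_proc=$(cat /proc/self/fd/3)

    # Treating the printed text as an ordinary path fails: no such name.
    if cat "$link_text" >/dev/null 2>&1; then
        by_path=ok
    else
        by_path=fail
    fi

    exec 3<&-
    # Print: <suffix added to link text>|<data read via proc>|<plain path result>
    printf '%s|%s|%s\n' "${link_text#"$tmp"}" "$via_proc" "$by_path"
)
```

Because the link hands back the inode itself, permission checks made on the proc entry are the only gate between a caller and the target file, regardless of where that file lives or whether it still has a name.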