[944] in bugtraq
Re: Request for discussion.
daemon@ATHENA.MIT.EDU (Casper Dik)
Wed Feb 8 14:37:09 1995
To: Karl Strickland <karl@bagpuss.demon.co.uk>
Cc: bugtraq@fc.net
Reply-To: bugtraq@fc.net
In-Reply-To: Your message of "Wed, 08 Feb 1995 14:27:56 GMT."
<199502081427.OAA23150@bagpuss.demon.co.uk>
Date: Wed, 08 Feb 1995 16:24:08 +0100
From: Casper Dik <casper@fwi.uva.nl>
>>
>>
>>
>> >Not if "Real OS(tm)" == Linux. (which of course has the best procfs money can't
>> >buy).
>> >
>>
>> Which is why Linux procfs has tons of security holes.
>>
>> Casper
>>
>
>Such as?
Hm, they seem to be fix now. In early rleases the permissions
of the fd and cd and exec files weren't right.
Now it uses some ugly hack that looks like the modes on the symlink
are 700 (lrwx------) which only seems to work on the funny symlinks
under /proc.
Hm, it just occured to me that, as root, hijackling connections under Linux
is real simple, you just open the right /proc/pid/fd/<num>
Casper
