Re: ls -l /proc/1/exe -> Permission denied
From: Joakim Tjernlund
Date: Sun Jul 20 2014 - 07:20:11 EST
Richard Weinberger <richard.weinberger@xxxxxxxxx> wrote on 2014/07/20
13:06:30:
>
> On Sun, Jul 20, 2014 at 12:55 PM, Andreas Schwab <schwab@xxxxxxxxxxxxxx>
wrote:
> > Joakim Tjernlund <joakim.tjernlund@xxxxxxxxxxxx> writes:
> >
> >> Andreas Schwab <schwab@xxxxxxxxxxxxxx> wrote on 2014/07/19 22:21:59:
> >>>
> >>> Joakim Tjernlund <joakim.tjernlund@xxxxxxxxxxxx> writes:
> >>>
> >>> > Trying to real /proc/<pid>/exe I noticed I could not read links
not
> >>> > belonging to my user such as:
> >>> > jocke > ls -l /proc/1/exe
> >>> > ls: cannot read symbolic link /proc/1/exe: Permission
> >> denied
> >>> >
> >>> > Is this expected?
> >>>
> >>> Yes. This information is considered private.
> >>
> >> I don't understand why though.
> >
> > It would allow bypassing access restrictions.
>
> Do you have an example?
> I'm asking because an attacker could make any symlink as he wants to.
> A ln -s /etc/shadow lala still does not give me access to shadow...
precisely, I just want to see what it is pointing too.
Also, the links privs are inconsistent with current behaviour:
lrwxrwxrwx 1 root root 0 Jul 15 19:03 exe
Jocke
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/