Re: Why are exe, cwd, and root priviledged bits of information?

Daniel Jacobowitz (dan@debian.org)
Thu, 7 Nov 2002 17:28:54 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Urban Widmark: "Re: !(smbfs && O_LARGEFILE)"
Previous message: David Woodhouse: "Re: swsusp: don't eat ide disks"

On Thu, Nov 07, 2002 at 02:16:15PM -0800, jw schultz wrote:
> On Thu, Nov 07, 2002 at 11:05:21AM -0500, Daniel Jacobowitz wrote:
> > On Thu, Nov 07, 2002 at 10:57:06AM -0500, Calin A. Culianu wrote:
> > >
> > > In the /prod/PID subset of procfs, why are the exe, cwd, and root symlinks
> > > considered priviledged information?
> > >
> > > Exe is the big one for me, as this one can be usually infered from reading
> > > /prod/PID/maps. Root I guess can't be inferred in any unpriviledged way,
> > > and neither can cwd. At any rate.. I am not sure behind the philosophy to
> > > make these symlinks' destinations priviledged... can someone clarify
> > > this?
> >
> > This came up a little while ago. The answer is that maps should be
> > priviledged also.
> >
> > For instance:
> > You can protect a directory by giving its parent directory no read
> > permissions. The name of the directory is now secret. You don't want
> > to reveal it in cwd.
> >
>
> Daniel is correct in that the issue came up recently. He
> gives _his_ answer above. If you believe in security
> through obscurity you will agree with him. I don't.
> I will agree that there should be no real reason to need
> access to this information.
>
> With ACLs you will be able to explicitly grant access and
> you won't have to depend on keeping shared info secret.
> Then this will be less of an issue.

I recommend you go think about what security through obscurity actually
_means_. If you think that an unreadable directory and a
randomly-generated subdirectory is security through obscurity, then in
what way is it actually different from a _password_? That's what it
is.

Yes, this is poor-man's-ACLs. It works in a lot of places when ACLs
won't. For instance, an anonymous FTP server...

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Urban Widmark: "Re: !(smbfs && O_LARGEFILE)"
Previous message: David Woodhouse: "Re: swsusp: don't eat ide disks"