* Potential security improvement in rootfs "/" from transversal directory attack
From: Tomas Bortoli @ 2015-07-14 11:58 UTC
  To: linux-fsdevel

Hi all, I'm new to this mailing list and to kernel devs in general. Hope we'll have a good time together. And thanks in advance for your time and all.

Clarification:
By rootfs I mean the root of the roots of the mounted file systems, upon which the other file systems are mounted.

Context-Problem:
In a transversal directory attack in which the attacker doesn't know the relative path to start the attack from (whether it is a read or a write doesn't matter), an attacker could exploit the fact that the rootfs has a ".." dir entry in the "/" dir to be sure to browse the correct "/" by concatenating a series of "../../" repeated n times (with n >= current_depth_of_directory; this is easy to do with a big n). Having reached "/", he could go to the preferred path. The danger then depends on the privileges achieved.

Question:
Wouldn't it be better to have a rootfs that, in the root directory "/", doesn't have a ".." dir entry to itself?
Would this change create problems for the kernel or the user space programs?
Why is this solution in place? Is it just a Unix convention or something more (w.r.t. Unix)?


 		 	   		  

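An added example, not part of the original message: a C sketch that checks the behaviour the post describes (".." in "/" resolving back to "/") and shows a user-space confinement check that rejects an over-long "../" chain. The function names `same_file` and `confined` and the sample paths are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700   /* for realpath() and PATH_MAX under strict -std= modes */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Returns 1 if both paths name the same inode on the same device. */
int same_file(const char *a, const char *b)
{
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0)
        return 0;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Returns 1 only if base/request, after resolving "..", "." and symlinks,
 * is base itself or lies below it. Unresolvable paths are rejected. */
int confined(const char *base, const char *request)
{
    char joined[PATH_MAX], rbase[PATH_MAX], rfull[PATH_MAX];
    size_t n;

    int len = snprintf(joined, sizeof joined, "%s/%s", base, request);
    if (len < 0 || (size_t)len >= sizeof joined)
        return 0;                       /* too long to check: refuse */
    if (!realpath(base, rbase) || !realpath(joined, rfull))
        return 0;
    if (strcmp(rbase, "/") == 0)
        return 1;                       /* base is the root: nothing is outside */
    n = strlen(rbase);
    /* Prefix match must end on a component boundary ("/srv/a" vs "/srv/ab"). */
    return strncmp(rfull, rbase, n) == 0 && (rfull[n] == '/' || rfull[n] == '\0');
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("\"/\" same as \"/../../..\": %d\n", same_file("/", "/../../.."));
    printf("\".\" confined to cwd: %d\n", confined(".", "."));
    printf("long ../ chain confined to cwd: %d\n",
           confined(".", "../../../../../../../../../../../../../../../.."));
    return 0;
}
```

On Linux 5.6 and later, `openat2()` with `RESOLVE_BENEATH` performs this kind of confinement in the kernel at open time, which avoids the gap between checking a path and using it.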