Old 11-23-2005, 06:30 PM   #1
VCore5.0
LQ Newbie
 
Registered: Feb 2005
Posts: 17

Rep: Reputation: 0
/proc Permissions


I posted the following in another forum (ubuntuforums.org), but haven't gotten a response nor does it look like the post is garnering much interest (maybe deservedly so) based on the number of times it has been read. I'd like to get a definitive answer before continuing with Ubuntu.

--------------------------
I recently installed Ubuntu to try it out and was running some security checks (and just poking around in general).

I noticed that when running this command:

Code:
sudo find / -perm -002 \( -type f -o -type d \) -ls > WorldWriteable.txt

that lots of directories and files in /proc were listed as world writable.

Scanning the output file, most of the files are in the /proc/*/attr directories (if not all); filenames in /proc/* are mostly (if not all of them) .../current, .../exec, and .../fscreate. The owners vary from root, to current user, to hal, etc. (see Examples section below)

I checked my Centos 4.x installation using the same test, and while the Ubuntu test resulted in hundreds of world writable files in /proc, the Centos test came back with a total of only 12 files (none in /proc). The only commonality between the two installations were these world writables (note the "rwt" which indicates read, write and store in swap space):

rwx-rwx-rwt /dev/shm
rwx-rwx-rwt /tmp/.X11-unix
rwx-rwx-rwt /tmp/.ICE-unix

Questions:

1. Can one presume that the world writables common to both Centos and Ubuntu are "normal" and should be left like this?

2. Conversely, should one presume that the Ubuntu permissions for the /proc files are too loose, and therefore they should be "chmod'd" to remove the write bit for "others"?

Thanks.
__________________

Examples from the Ubuntu permissions check:

-rw-rw-rw- 1 root root 0 Nov 22 11:11 /proc/9464/attr/current
-rw-rw-rw- 1 root root 0 Nov 22 11:11 /proc/9464/attr/exec
-rw-rw-rw- 1 root root 0 Nov 22 11:11 /proc/9464/attr/fscreate
-----------
-rw-rw-rw- 1 [USER] [USER] 0 Nov 22 11:11 /proc/9106/task/9106/attr/current
-rw-rw-rw- 1 [USER] [USER] 0 Nov 22 11:11 /proc/9106/task/9106/attr/exec
-rw-rw-rw- 1 [USER] [USER] 0 Nov 22 11:11 /proc/9106/task/9106/attr/fscreate

While I'm at it, a few other questionable permissions:

----------
-rw-rw-rw- 1 root root 0 Nov 22 11:11 /proc/acpi/hotkey/info
-rw-rw-rw- 1 root root 0 Nov 22 11:11 /proc/acpi/hotkey/action
-rw-rw-rw- 1 root root 0 Nov 22 11:11 /proc/acpi/hotkey/poll_config
-rw-rw-rw- 1 root root 0 Nov 22 11:11 /proc/acpi/hotkey/event_config

----------

drwxrwxrwt 3 [USER] [USER] 72 Nov 18 16:02 /var/cache/fonts/pk/ljfour
drwxrwxrwt 4 [USER] [USER] 96 Nov 18 16:02 /var/cache/fonts/pk/ljfour/jknappen
drwxrwxrwt 2 [USER] [USER] 560 Nov 18 16:02 /var/cache/fonts/pk/ljfour/jknappen/ec
drwxrwxrwt 2 [USER] [USER] 80 Nov 18 16:02 /var/cache/fonts/pk/ljfour/jknappen/tc

Last edited by VCore5.0; 11-24-2005 at 01:46 AM.
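
An added example, not part of the original post: the world-writable scan from the post reworked so that it prunes /proc (a kernel-generated pseudo-filesystem rather than files on disk) and labels each hit by whether the sticky bit is set, which separates directories such as /tmp/.X11-unix from world-writable entries without it. The function names, the labels, the extra /sys prune and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed names and sample tree, not from the thread.

# ww_scan ROOT: list world-writable files and directories under ROOT,
# pruning ROOT/proc and ROOT/sys (kernel pseudo-filesystems) and labelling
# each hit by whether the sticky bit (the "t" in rwxrwxrwt) is set.
ww_scan() {
    root=${1%/}                  # "/" becomes "" so "$root/proc" is "/proc"
    find "${root:-/}" \
        \( -path "$root/proc" -o -path "$root/sys" \) -prune -o \
        -perm -0002 \( \
            -type d -perm -1000 -exec printf 'STICKY-DIR %s\n' {} \; -o \
            -type d             -exec printf 'OPEN-DIR %s\n' {} \; -o \
            -type f             -exec printf 'OPEN-FILE %s\n' {} \; \)
}

# make_sample_tree: build a constructed directory tree that mimics the
# kinds of entries reported in the post, and print its path.
make_sample_tree() {
    umask 022                    # predictable default modes for the sample
    t=$(mktemp -d) || return 1
    mkdir -p "$t/tmp/.X11-unix" "$t/proc/9464/attr" "$t/srv/drop" "$t/etc"
    : > "$t/proc/9464/attr/current"; chmod 0666 "$t/proc/9464/attr/current"
    : > "$t/srv/drop/notes.txt";     chmod 0666 "$t/srv/drop/notes.txt"
    : > "$t/etc/app.conf";           chmod 0644 "$t/etc/app.conf"
    chmod 1777 "$t/tmp/.X11-unix"    # sticky and world-writable
    chmod 0777 "$t/srv/drop"         # world-writable, no sticky bit
    printf '%s\n' "$t"
}

# Demonstration on the constructed tree; the proc/ entry is not reported.
tree=$(make_sample_tree)
ww_scan "$tree"
rm -rf "$tree"
```

To scan a real system, call `ww_scan /` with root privileges and review the OPEN-DIR and OPEN-FILE lines first.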
 
Old 11-23-2005, 10:45 PM   #2
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
Those /proc/*/attr directories seem to be something to do with the Linux Security Module (http://lsm.immunix.org/lsm_about.html). I checked on my Centos 4 install as well and couldn't find any /proc/*/attr directories. Maybe look more into LSM and you'll find out why they are world writable and why they are there in the first place. Post back here if you find something interesting.
 
Old 11-24-2005, 01:46 AM   #3
VCore5.0
LQ Newbie
 
Registered: Feb 2005
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by tkedwards
Those /proc/*/attr directories seem to be something to do with the Linux Security Module (http://lsm.immunix.org/lsm_about.html). I checked on my Centos 4 install as well and couldn't find any /proc/*/attr directories. Maybe look more into LSM and you'll find out why they are world writable and why they are there in the first place. Post back here if you find something interesting.
Thank you very much for the reply. I'll see if the LSM angle gets me anywhere.

Whatever I find, if anything, I'll report back.
 
Old 11-28-2005, 05:36 PM   #4
VCore5.0
LQ Newbie
 
Registered: Feb 2005
Posts: 17

Original Poster
Rep: Reputation: 0
Just updating ...

I still have no definitive information on the topic.
 
  

