From mboxrd@z Thu Jan  1 00:00:00 1970
From: erik quanstrom <quanstro@quanstro.net>
Date: Thu,  2 Jan 2014 16:35:48 -0500
To: 9fans@9fans.net
Message-ID: <485d71a18a3e7bfe4849015183f99f06@brasstown.quanstro.net>
In-Reply-To: <87038489650152a926dc7a912f59429e@felloff.net>
References: <87038489650152a926dc7a912f59429e@felloff.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] devproc noteid changing for none
Topicbox-Message-UUID: ab4219a4-ead8-11e9-9d60-3106f5b1d025

On Thu Jan  2 16:33:33 EST 2014, cinap_lenrek@felloff.net wrote:
> a process running as "none" can only access its own (calling) process.
>
> but noteid write allows it to change the noteid of its own process to
> a nother group (also running as none) which allows it to send notes
> to that group.
>
> this has to be prevented.

; cd /proc/$pid; pwd
/proc/75189
; cat noteid
      76810 ;
; auth/none
; cd /proc/$pid; pwd
/proc/75192
; cat noteid
cat: can't open noteid: 'noteid' permission denied

- erik