[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
- To: Carl Ekman <calle@gosig.nu>
- Subject: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
- From: Trent Petrasek <tpetrasek@internap.com>
- Date: Mon, 24 Nov 2003 15:29:17 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Not sure what systems you may be referring to, but in my experience, /tmp is
mounted as a device or mounted as swap, thus violating the 'cross-device'
limitation of a hard link.
- --------------------------------------------------------
Trenton Petrasek
tpetrasek@internap.com
- --------------------------------------------------------
On Mon, Nov 24, 2003 at 07:38:38PM +0100, Carl Ekman <calle@gosig.nu> wrote:
> Since many systems have /tmp on the root filesystem /tmp could also be used
> to
> link to setuid binaries.
>
> > The link to setuid programs is more of concern except that it won't be able
> > to happen unless you have setuid-root programs in a home directory
> > partition, which sounds bad anyway.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/wmod1CLn4SP2qlMRAj32AJ0SIUPimA403t8UtpJUBLstQWnIugCfdHsx
sgoItycHopzinkdOwhVwCgc=
=dFtb
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html