[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
From: "I.R.van Dongen" <vdongen@hetisw.nl>
Date: Tue, 25 Nov 2003 08:53:15 +0100

On Mon, 24 Nov 2003 12:45:04 -0500
flaps@dgp.toronto.edu (Alan J Rosenthal) wrote:
> >Furthermore, users can even create links to a setuid binary.
> 
> Only if it's on the same partition.  This is just one of a huge number
> of reasons you shouldn't allow users to write to your root or /usr
> partitions.

That's why I dislike the fbsd default to put /home on /usr/home if there
is no /home partition.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
  - From: "Alan J Rosenthal" <flaps@dgp.toronto.edu>

Prev by Date: RE: [Full-Disclosure] Potentially new Virus
Next by Date: Re: [Full-Disclosure] Potentially new Virus
Previous by thread: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
Next by thread: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
Index(es):
- Date
- Thread