[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] hard links on Linux create local DoS vulnerability and security problems

To: Michal Zalewski <lcamtuf@ghettot.org>
Subject: Re: [Full-Disclosure] hard links on Linux create local DoS vulnerability and security problems
From: "Zow" Terry Brugger <zow@llnl.gov>
Date: Tue, 25 Nov 2003 07:36:17 -0800

Michal, and anyone else who would care to chip in:

> Rant: the truth is, Linux and many other systems are just not very
> suitable for providing shell-level accounts. <snip> even then,
> it is usually possible to DoS the system or other users or cause other
> inconvenience and security exposure. As such, I doubt this will get
> noticed and patched.

I think that it has been noticed, however patches are difficult as these 
features are tied to the design of the system. So allow me to put forth a 
general question: what collaborative multiuser (shared-namespace) systems 
have people worked with that didn't suffer from this problem? I'm more 
interested in real systems used in a production environment, not just some 
toy OS's that never got out of the lab.

Terry

from Standard import Disclaimer


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] hard links on Linux create local DoS vulnerability and security problems
  - From: Michal Zalewski <lcamtuf@ghettot.org>

Prev by Date: Re: [Full-Disclosure] Potentially new Virus
Next by Date: Re: [Full-Disclosure] Potentially new Virus
Previous by thread: Re: [Full-Disclosure] hard links on Linux create local DoS vulnerability and security problems
Next by thread: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
Index(es):
- Date
- Thread