[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
- To: Jakob Lell <jlell@JakobLell.de>
- Subject: Re: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
- From: Jeremiah Cornelius <jeremiah@nur.net>
- Date: Wed, 26 Nov 2003 14:18:56 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 24 November 2003 10:17, Steven Leikeim wrote:
<SNIP>
> There is a simpler solution. Place user files on a separate filesystem
> from system files. This includes putting all temporary files on separate
> filesystems of their own. (Both /tmp and /var/tmp.) Since hard links
> cannot cross filesystems the problem disappears. Mounting user filesystems
> nosuid and nodev will prevent security problems should a setuid binary
> appear in that filesystem.
And a mandatory system profile in /etc , which aliases ln as 'ln -s' might
help. One for each valid shell.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/xSbQJi2cv3XsiSARAm5CAJwPkETRJxLWAXw3M+B8jjfUwr38aQCeNzU/
4AjEdIIdmXmIHA6pYWjb1ao=
=FIsi
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html