[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Security Hole: how to resolve?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Security Hole: how to resolve?
- From: tdemarti <tdemarti_(_at_)_usc_(_dot_)_edu>
- Date: Sun, 1 Oct 2000 15:27:54 -0700 (PDT)
I just noticed something strange about the way links are handled. Using
the procedure outlined below any user could cause the file system's inode
maximum to be reached, even if they have an inode quota.
Step 1: Log in with two concurrent sessions (call them A and B).
Step 2: Run "passwd" on session A.
Step 3: Type "ln /etc/ptmp ./ptmp0" on session B.
Step 4: Cancel passwd by hitting return on session A.
Step 5: Notice that root's inode count is now one higher than it was just
before Step 2.
Step 6: Repeat steps 2-4 replacing 0 with 1, 2, 3, etc., until the inode
capacity of the file system is reached.
What can be done about this? Has this been discussed before?
Visit your host, monkey.org