[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Hole: how to resolve?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Security Hole: how to resolve?
From: tdemarti <tdemarti_(_at_)_usc_(_dot_)_edu>
Date: Sun, 1 Oct 2000 15:27:54 -0700 (PDT)

I just noticed something strange about the way links are handled.  Using
the procedure outlined below any user could cause the file system's inode
maximum to be reached, even if they have an inode quota.

Step 1: Log in with two concurrent sessions (call them A and B).
Step 2: Run "passwd" on session A.
Step 3: Type "ln /etc/ptmp ./ptmp0" on session B.
Step 4: Cancel passwd by hitting return on session A.
Step 5: Notice that root's inode count is now one higher than it was just
        before Step 2.
Step 6: Repeat steps 2-4 replacing 0 with 1, 2, 3, etc., until the inode
        capacity of the file system is reached.

What can be done about this?  Has this been discussed before?

Thanks,
Thomas.

Prev by Date: Re: Linux emulation
Next by Date: RE: Linux emulation
Previous by thread: RE: Linux emulation
Next by thread: How make change in group membership affect currently logged on users?
Index(es):
- Date
- Thread

Visit your host, monkey.org