lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031124181745.GA27357@m5.enel.ucalgary.ca>
Date: Mon, 24 Nov 2003 11:17:45 -0700
From: Steven Leikeim <steven@...l.ucalgary.ca>
To: Jakob Lell <jlell@...obLell.de>
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: hard links on Linux create local DoS vulnerability and security problems


On Mon, Nov 24, 2003 at 05:36:29PM +0100, Jakob Lell wrote:
> Hello,
> on Linux it is possible for any user to create a hard link to a file belonging 
> to another user. This hard link continues to exist even if the original file 
> is removed by the owner. However, as the link still belongs to the original 
> owner, it is still counted to his quota. If a malicious user creates hard 
> links for every temp file created by another user, this can make the victim 
> run out of quota (or even fill up the hard disk). This makes a local DoS 
> attack possible.
> 

Actually, this is a problem with ALL UNIX/UNIX like systems. And has been
since the beginning.

> 
> To solve the problem, the kernel shouldn't allow users to create hard links to 
> files belonging to someone else.

There is a simpler solution. Place user files on a separate filesystem
from system files. This includes putting all temporary files on separate
filesystems of their own. (Both /tmp and /var/tmp.) Since hard links
cannot cross filesystems the problem disappears. Mounting user filesystems
nosuid and nodev will prevent security problems should a setuid binary
appear in that filesystem.

Of course, this does not eliminate the first "DoS" problem noted above, but
it is simple for an administrator to find where the extraneous links are
and deal with the offending party.

-- 
Steven Leikeim                        |
University of Calgary                 |   There are lies, damned lies,
Department of Electrical Engineering  |        and statistics.
Internet: steven@...l.ucalgary.ca     |


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ