| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031124202917.GM12047@tpetrasek.acs.internap.com> Date: Mon, 24 Nov 2003 15:29:17 -0500 From: Trent Petrasek <tpetrasek@...ernap.com> To: Carl Ekman <calle@...ig.nu> Cc: Alan J Rosenthal <flaps@....toronto.edu>, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Re: hard links on Linux create local DoS vulnerability and security problems -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not sure what systems you may be referring to, but in my experience, /tmp is mounted as a device or mounted as swap, thus violating the 'cross-device' limitation of a hard link. - -------------------------------------------------------- Trenton Petrasek tpetrasek@...ernap.com - -------------------------------------------------------- On Mon, Nov 24, 2003 at 07:38:38PM +0100, Carl Ekman <calle@...ig.nu> wrote: > Since many systems have /tmp on the root filesystem /tmp could also be used to > link to setuid binaries. > > > The link to setuid programs is more of concern except that it won't be able > > to happen unless you have setuid-root programs in a home directory > > partition, which sounds bad anyway. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/wmod1CLn4SP2qlMRAj32AJ0SIUPimA403t8UtpJUBLstQWnIugCfdHsx sgoItycHopzinkdOwhVwCgc= =dFtb -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists