| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031125153622.ECAED1BE68@zathras.llnl.gov> Date: Tue, 25 Nov 2003 07:36:17 -0800 From: "Zow" Terry Brugger <zow@...l.gov> To: Michal Zalewski <lcamtuf@...ttot.org> Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Re: hard links on Linux create local DoS vulnerability and security problems Michal, and anyone else who would care to chip in: > Rant: the truth is, Linux and many other systems are just not very > suitable for providing shell-level accounts. <snip> even then, > it is usually possible to DoS the system or other users or cause other > inconvenience and security exposure. As such, I doubt this will get > noticed and patched. I think that it has been noticed, however patches are difficult as these features are tied to the design of the system. So allow me to put forth a general question: what collaborative multiuser (shared-namespace) systems have people worked with that didn't suffer from this problem? I'm more interested in real systems used in a production environment, not just some toy OS's that never got out of the lab. Terry from Standard import Disclaimer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists