lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200311261418.58847.jeremiah@nur.net> Date: Wed, 26 Nov 2003 14:18:56 -0800 From: Jeremiah Cornelius <jeremiah@....net> To: Jakob Lell <jlell@...obLell.de> Cc: Steven Leikeim <steven@...l.ucalgary.ca>, full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Re: Re: hard links on Linux create local DoS vulnerability and security problems -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 24 November 2003 10:17, Steven Leikeim wrote: <SNIP> > There is a simpler solution. Place user files on a separate filesystem > from system files. This includes putting all temporary files on separate > filesystems of their own. (Both /tmp and /var/tmp.) Since hard links > cannot cross filesystems the problem disappears. Mounting user filesystems > nosuid and nodev will prevent security problems should a setuid binary > appear in that filesystem. And a mandatory system profile in /etc , which aliases ln as 'ln -s' might help. One for each valid shell. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/xSbQJi2cv3XsiSARAm5CAJwPkETRJxLWAXw3M+B8jjfUwr38aQCeNzU/ 4AjEdIIdmXmIHA6pYWjb1ao= =FIsi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists