| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTimjwjMStUfRRidzZF+DCSwucVRD2w@mail.gmail.com> Date: Mon, 30 May 2011 16:27:31 -0700 From: coderman <coderman@...il.com> To: halfdog <me@...fdog.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) On Mon, May 30, 2011 at 6:56 AM, halfdog <me@...fdog.net> wrote: > ... > It seems that quite a few backup applications are (or were) vulnerable > to special combined symlink/timing attacks on pathname components before > the last one (so O_NOFOLLOW does not help). > ... > Please let me know, if ... you > have good reason, that the kernel interface is not the point, where this > issue could be addressed most efficiently. use lvm snapshots for backups, either directly at volume level or mounting a read-only snapshot and running backup over that static filesystem state. running backups on live filesystems? not a great idea even if these issues resolved. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists