lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 11 Oct 2021 06:24:56 +0000
Subject: [Bug 214665] security bug:using "truncate" bypass disk quotas limit

leveryd ( changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #2 from leveryd ( ---
i know `truncate` file does not task up disk space, but i still think it has
some "design" problem about security.

* why i still think it has some problem?

  because developer will trust "quota limit" very likely, so they will not
check the file is "truncate file" or not before they do some operation on file.

  for example(assume a scenario): developer limit every ftp user's disk space
by using "disk quotas", and there is a crontab job which will backup ftp user's
files every day. if this crontab job does not check "truncate file" exist or
not and then backup using "tar" or "zip" compress command, then when a
malicious user create a file using `truncate -s 100G id`, after compress this
special "truncate file`, the machine disk space will be consumed more than 100G

You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists