| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Oct 2021 06:24:56 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...r.kernel.org
Subject: [Bug 214665] security bug:using "truncate" bypass disk quotas limit
https://bugzilla.kernel.org/show_bug.cgi?id=214665
leveryd (1157599735@...com) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |---
--- Comment #2 from leveryd (1157599735@...com) ---
i know `truncate` file does not task up disk space, but i still think it has
some "design" problem about security.
* why i still think it has some problem?
because developer will trust "quota limit" very likely, so they will not
check the file is "truncate file" or not before they do some operation on file.
for example(assume a scenario): developer limit every ftp user's disk space
by using "disk quotas", and there is a crontab job which will backup ftp user's
files every day. if this crontab job does not check "truncate file" exist or
not and then backup using "tar" or "zip" compress command, then when a
malicious user create a file using `truncate -s 100G id`, after compress this
special "truncate file`, the machine disk space will be consumed more than 100G
actually.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
Powered by blists - more mailing lists