lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Oct 2021 06:24:56 +0000 From: bugzilla-daemon@...zilla.kernel.org To: linux-ext4@...r.kernel.org Subject: [Bug 214665] security bug:using "truncate" bypass disk quotas limit https://bugzilla.kernel.org/show_bug.cgi?id=214665 leveryd (1157599735@...com) changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #2 from leveryd (1157599735@...com) --- i know `truncate` file does not task up disk space, but i still think it has some "design" problem about security. * why i still think it has some problem? because developer will trust "quota limit" very likely, so they will not check the file is "truncate file" or not before they do some operation on file. for example(assume a scenario): developer limit every ftp user's disk space by using "disk quotas", and there is a crontab job which will backup ftp user's files every day. if this crontab job does not check "truncate file" exist or not and then backup using "tar" or "zip" compress command, then when a malicious user create a file using `truncate -s 100G id`, after compress this special "truncate file`, the machine disk space will be consumed more than 100G actually. -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
Powered by blists - more mailing lists