Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: hard links on Linux create local DoS vulnerability and security problems

From: "Zow" Terry Brugger <zow () llnl gov>
Date: Tue, 25 Nov 2003 07:36:17 -0800
Michal, and anyone else who would care to chip in:


Rant: the truth is, Linux and many other systems are just not very
suitable for providing shell-level accounts. <snip> even then,
it is usually possible to DoS the system or other users or cause other
inconvenience and security exposure. As such, I doubt this will get
noticed and patched.


I think that it has been noticed, however patches are difficult as these 
features are tied to the design of the system. So allow me to put forth a 
general question: what collaborative multiuser (shared-namespace) systems 
have people worked with that didn't suffer from this problem? I'm more 
interested in real systems used in a production environment, not just some 
toy OS's that never got out of the lab.

Terry

from Standard import Disclaimer


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: