Full Disclosure mailing list archives
Re: Re: hard links on Linux create local DoS vulnerability and security problems
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Wed, 26 Nov 2003 14:18:56 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 24 November 2003 10:17, Steven Leikeim wrote: <SNIP>
There is a simpler solution. Place user files on a separate filesystem from system files. This includes putting all temporary files on separate filesystems of their own. (Both /tmp and /var/tmp.) Since hard links cannot cross filesystems the problem disappears. Mounting user filesystems nosuid and nodev will prevent security problems should a setuid binary appear in that filesystem.
And a mandatory system profile in /etc , which aliases ln as 'ln -s' might help. One for each valid shell. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/xSbQJi2cv3XsiSARAm5CAJwPkETRJxLWAXw3M+B8jjfUwr38aQCeNzU/ 4AjEdIIdmXmIHA6pYWjb1ao= =FIsi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: hard links on Linux create local DoS vulnerability and security problems, (continued)
- Re: hard links on Linux create local DoS vulnerability and security problems Brian Bennett (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems petard (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Valdis . Kletnieks (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems petard (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Zow (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems vb (Nov 25)
- Message not available
- Re: hard links on Linux create local DoS vulnerability and security problems Steven Leikeim (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Jeremiah Cornelius (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Peter Busser (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Kurt Seifried (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Christopher Allene (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Alan J Rosenthal (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Casper Dik (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Carl Ekman (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Trent Petrasek (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Seth Breidbart (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems I.R.van Dongen (Nov 25)