Full Disclosure mailing list archives

Re: hard links on Linux create local DoS vulnerability and security problems


From: Trent Petrasek <tpetrasek () internap com>
Date: Mon, 24 Nov 2003 15:29:17 -0500



Not sure what systems you may be referring to, but in my experience, /tmp is mounted as a device or mounted as swap, thus violating the 'cross-device' limitation of a hard link.

--------------------------------------------------------
 Trenton Petrasek
 tpetrasek () internap com
--------------------------------------------------------

On Mon, Nov 24, 2003 at 07:38:38PM +0100, Carl Ekman <calle () gosig nu> wrote:
Since many systems have /tmp on the root filesystem /tmp could also be used to 
link to setuid binaries.

The link to setuid programs is more of a concern except that it won't be able
to happen unless you have setuid-root programs in a home directory
partition, which sounds bad anyway.


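The disagreement above comes down to whether a user-writable directory shares a filesystem with any setuid binaries, since link(2) fails with EXDEV across devices. The following audit sketch is an added example, not part of the original thread; the directory lists in the main block are assumptions to adjust for the host being checked.

```python
import os
import stat

def setuid_files(root):
    """Return [(path, st_dev)] for setuid regular files found under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)      # lstat: do not follow symlinks
            except OSError:
                continue                 # entry vanished or is unreadable
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.append((path, st.st_dev))
    return found

def linkable(inventory, writable_dirs):
    """Map each writable directory to the setuid paths on the same device.

    inventory: iterable of (path, st_dev) pairs.
    writable_dirs: dict of directory -> st_dev.
    A hard link can only be created when both st_dev values match, so an
    empty list means the cross-device limitation protects that directory.
    """
    return {d: sorted(p for p, dev in inventory if dev == wdev)
            for d, wdev in writable_dirs.items()}

if __name__ == "__main__":
    # Assumed locations; resolve symlinks so merged /bin and /usr/bin count once.
    roots = {os.path.realpath(r) for r in ("/bin", "/sbin", "/usr/bin", "/usr/sbin")
             if os.path.isdir(r)}
    inventory = [entry for r in sorted(roots) for entry in setuid_files(r)]
    writable = {d: os.stat(d).st_dev for d in ("/tmp", "/var/tmp", "/home")
                if os.path.isdir(d)}
    for d, paths in linkable(inventory, writable).items():
        print(f"{d}: {len(paths)} setuid file(s) on the same filesystem")
        for p in paths:
            print(f"  {p}")
```
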

