Full Disclosure mailing list archives
Re: hard links on Linux create local DoS vulnerability and security problems
From: Trent Petrasek <tpetrasek () internap com>
Date: Mon, 24 Nov 2003 15:29:17 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not sure what systems you may be referring to, but in my experience, /tmp is mounted as a device or mounted as swap, thus violating the 'cross-device' limitation of a hard link. - -------------------------------------------------------- Trenton Petrasek tpetrasek () internap com - -------------------------------------------------------- On Mon, Nov 24, 2003 at 07:38:38PM +0100, Carl Ekman <calle () gosig nu> wrote:
Since many systems have /tmp on the root filesystem /tmp could also be used to link to setuid binaries.The link to setuid programs is more of concern except that it won't be able to happen unless you have setuid-root programs in a home directory partition, which sounds bad anyway.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/wmod1CLn4SP2qlMRAj32AJ0SIUPimA403t8UtpJUBLstQWnIugCfdHsx sgoItycHopzinkdOwhVwCgc= =dFtb -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: hard links on Linux create local DoS vulnerability and security problems, (continued)
- Re: hard links on Linux create local DoS vulnerability and security problems Steven Leikeim (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Jeremiah Cornelius (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Peter Busser (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Kurt Seifried (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Christopher Allene (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Alan J Rosenthal (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Casper Dik (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Carl Ekman (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Trent Petrasek (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Seth Breidbart (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems I.R.van Dongen (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems Bob Beck (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems Steven Leikeim (Nov 26)