Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: hard links on Linux create local DoS vulnerability and security problems

From: "I.R.van Dongen" <vdongen () hetisw nl>
Date: Tue, 25 Nov 2003 08:53:15 +0100
On Mon, 24 Nov 2003 12:45:04 -0500
flaps () dgp toronto edu (Alan J Rosenthal) wrote:

Furthermore, users can even create links to a setuid binary.


Only if it's on the same partition.  This is just one of a huge number
of reasons you shouldn't allow users to write to your root or /usr
partitions.


That's why I dislike the fbsd default to put /home on /usr/home if there
is no /home partition.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: