Full Disclosure mailing list archives
Re: hard links on Linux create local DoS vulnerability and security problems
From: vb () dontpanic ulm ccc de
Date: Tue, 25 Nov 2003 13:32:44 +0100
On Mon, Nov 24, 2003 at 05:36:29PM +0100, Jakob Lell wrote:
to another user. This hard link continues to exist even if the original file is removed by the owner. However, as the link still belongs to the original owner, it is still counted to his quota. If a malicious user creates hard links for every temp file created by another user, this can make the victim run out of quota (or even fill up the hard disk). This makes a local DoS attack possible.
Every *NIX filesystem has such links. I cannot see a DoS-attack with that fact, because a user will address his sysadmin with that problem. And the BOFH^Wsysadmin will then wag a finger. The "attacker" has to be a local user also. Of course, that is a design flow which is there because of the fact that quotas were not implemented in the first UNIX filesystem versions.
Furthermore, users can even create links to a setuid binary. If there is a security whole like a buffer overflow in any setuid binary, a cracker can create a hard link to this file in his home directory. This link still exists when the administrator has fixed the security whole by removing or replacing the insecure program. This makes it possible for a cracker to keep a security whole open until an exploit is available. It is even possible to create links to every setuid program on the system. This doesn't create new security wholes but makes it more likely that they are exploited.
No. Only a beginner would ignore the link count for a file when removing it for security reasons. Every *NIX admin with basic knowledge of UNIX or Linux will not ignore it.
I could reproduce the problem on linux 2.2.19 and 2.4.21 (and found nothing about it in the changelogs to 2.4.23-rc3). If you can check whether this problem also exists on other unix-like operating systems, please post the results.
This "problem" exists with all *NIX systems I know, but it is not a big problem. VB. -- Volker Birk, Postfach 1540, 88334 Bad Waldsee, Germany Phone +49 (7524) 912142, Fax +49 (7524) 996807, dingens () bumens org http://fdik.org, Deutsches IRCNet fdik!~c_vbirk () wega rz uni-ulm de PGP-Key: http://www.x-pie.de/vb.asc _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Brian Bennett (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems petard (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Valdis . Kletnieks (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems petard (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Zow (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems vb (Nov 25)
- Message not available
- Re: hard links on Linux create local DoS vulnerability and security problems Steven Leikeim (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Jeremiah Cornelius (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Peter Busser (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Kurt Seifried (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Christopher Allene (Nov 26)
- <Possible follow-ups>
- Re: hard links on Linux create local DoS vulnerability and security problems Alan J Rosenthal (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Casper Dik (Nov 24)