From: Mark Mielke <mark@mark.mielke.cc>
To: Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil>
Cc: elladan@eskimo.com, Christoph Hellwig <hch@infradead.org>,
	Linux-Kernel <linux-kernel@vger.kernel.org>
Subject: Re: [RFC] ext2 and ext3 block reservations can be bypassed
Date: Tue, 14 May 2002 15:55:04 -0400
Message-ID: <20020514155504.D22935@mark.mielke.cc>
In-Reply-To: <200205141854.NAA59350@tomcat.admin.navo.hpc.mil>

I.e. a fix to ext2/ext3 is not horribly useful.

mark


On Tue, May 14, 2002 at 01:54:40PM -0500, Jesse Pollard wrote:
> ---------  Received message begins Here  ---------
> 
> > 
> > Don't put /var/log on the same file system as /home, and don't grant
> > access to /var/log to any normal userid.
> > 
> > This isn't 'new'.
> 
> Also not relevant. If you want to get picky, don't put root, /usr, /var
> and /etc on the same filesystem. Make them all separate. Don't put
> /tmp, /var/tmp, on the same filesystem either. Mount /usr read only.
> Mount / read only, mount all user writable filesystems nosetuid, nosetgid.
> 
> However, not all daemons run as root, but do log into /var/adm or /var/log.
> If these fill up the log device without restraint, then your audit logs will
> ALSO be affected (unless you have syslog send them to a different host).
> 
> Users don't have to have access to the filesystem to cause write activity
> to it. The reserved space is just a small thing. It can't catch everything,
> but the system CAN continue to function after the filesystem fills up.
> Hopefully, long enough to record events and allow the administrator to
> clean up. That is the ONLY security function it has.
> 
> > mark
> > 
> > 
> > On Tue, May 14, 2002 at 12:53:47PM -0500, Jesse Pollard wrote:
> > > If the root file system is ext2, it does become a security issue since
> > > currently active logs will continue to record log entries until the
> > > filesystem is absolutely filled. I should say, if the log device fills up,
> > > since the log directory is usually /var/log, or /var/adm. Some logs show
> > > up in etc, but that really depends on the configuration. It IS useful if the
> > > filesystem is "full" due to attacks - daemons tend to terminate themselves,
> > > and their log entry indicates what the problem was. If it is an attack, then
> > > it's a security issue.
> > > 
> > > The only reason it helps fragmentation (subject to actual implementor
> > > statements) is that the filesystem code will use every scavenged block
> > > possible under saturation. When the filesystem gets cleaned up later,
> > > these excessively fragmented files will remain, and continue to cause
> > > access delays.
> > > 
> > > Naturally, deleting (or backup/restore) the file(s) cleans up the fragmentation.
> > > 
> 
> -------------------------------------------------------------------------
> Jesse I Pollard, II
> Email: pollard@navo.hpc.mil
> 
> Any opinions expressed are solely my own.

-- 
mark@mielke.cc/markm@ncf.ca/markm@nortelnetworks.com __________________________
.  .  _  ._  . .   .__    .  . ._. .__ .   . . .__  | Neighbourhood Coder
|\/| |_| |_| |/    |_     |\/|  |  |_  |   |/  |_   | 
|  | | | | \ | \   |__ .  |  | .|. |__ |__ | \ |__  | Ottawa, Ontario, Canada

  One ring to rule them all, one ring to find them, one ring to bring them all
                       and in the darkness bind them...

                           http://mark.mielke.cc/
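
The layout advice quoted above (logs kept off user-writable filesystems, no setuid on user-writable mounts, /usr read only) can be checked mechanically; the following is an added example, not code from this thread or from the kernel. The mount table is constructed sample data, the function names and the USER_WRITABLE list are assumptions, and the Linux mount option checked is `nosuid`.

```python
import os

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /usr ext3 ro 0 0
/dev/sda3 /home ext3 rw,nosuid 0 0
/dev/sda5 /tmp ext3 rw 0 0
"""
USER_WRITABLE = ("/home", "/tmp", "/var/tmp")  # assumed user-writable trees
LOG_DIRS = ("/var/log", "/var/adm")            # log locations named in the thread

def parse_mounts(text):
    """Return {mountpoint: (device, set_of_options)}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            table[fields[1]] = (fields[0], set(fields[3].split(",")))
    return table

def mount_for(path, table):
    """Longest mount point that contains path (falls back to "/")."""
    best = "/"
    for mp in table:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def audit(table):
    """List deviations from the layout described in the quoted message."""
    findings = []
    for log in LOG_DIRS:
        log_mp = mount_for(log, table)
        for uw in USER_WRITABLE:
            if mount_for(uw, table) == log_mp:
                findings.append(f"{log} shares {log_mp} with user-writable {uw}")
    for uw in USER_WRITABLE:
        mp = mount_for(uw, table)
        if "nosuid" not in table[mp][1]:
            findings.append(f"{uw} (on {mp}) is mounted without nosuid")
    if "ro" not in table[mount_for("/usr", table)][1]:
        findings.append("/usr is not read-only")
    return findings

def reserved_bytes(path):
    """Root-only reserve: free blocks minus blocks available to unprivileged users."""
    st = os.statvfs(path)
    return (st.f_bfree - st.f_bavail) * st.f_frsize
```

On a live system, `audit(parse_mounts(open("/proc/mounts").read()))` runs the same checks, and `reserved_bytes("/var/log")` reports how much headroom the reservation leaves for root-owned logging once ordinary users see the filesystem as full.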

