From: mru@kth.se (Måns Rullgård)
To: linux-kernel@vger.kernel.org
Subject: Re: hard links create local DoS vulnerability and security problems
Date: Mon, 24 Nov 2003 18:05:53 +0100 [thread overview]
Message-ID: <yw1x1xrxpuha.fsf@kth.se> (raw)
In-Reply-To: 200311241736.23824.jlell@JakobLell.de
Jakob Lell <jlell@JakobLell.de> writes:
> on Linux it is possible for any user to create a hard link to a file
> belonging to another user. This hard link continues to exist even if
> the original file is removed by the owner. However, as the link
> still belongs to the original owner, it is still counted to his
> quota. If a malicious user creates hard links for every temp file
> created by another user, this can make the victim run out of quota
> (or even fill up the hard disk). This makes a local DoS attack
> possible.
This only make for a DoS attack if the there are user-writable
directories on a filesystem that the system depends on being writable.
> Furthermore, users can even create links to a setuid binary. If
> there is a security whole like a buffer overflow in any setuid
> binary, a cracker can create a hard link to this file in his home
> directory. This link still exists when the administrator has fixed
> the security whole by removing or replacing the insecure
> program. This makes it possible for a cracker to keep a security
> whole open until an exploit is available. It is even possible to
> create links to every setuid program on the system. This doesn't
> create new security holes but makes it more likely that they are
> exploited.
If any SUID user writable directories (/tmp, /var/various, /home) are
kept on separate partitions from any SUID executables (belonging in
/bin and /usr/bin), creating such links becomes impossible, and the
problem vanishes.
If a SUID program is found to have a security hole, the administrator
should make sure he removes all links to it when deleting it, just to
be safe.
--
Måns Rullgård
mru@kth.se
next prev parent reply other threads:[~2003-11-24 17:06 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-24 16:36 hard links create local DoS vulnerability and security problems Jakob Lell
2003-11-24 17:05 ` Måns Rullgård [this message]
2003-11-24 20:42 ` Mike Fedyk
2003-11-24 17:14 ` Richard B. Johnson
2003-11-24 17:35 ` Jamie Lokier
2003-11-24 18:57 ` aic7xxx loading oops in 2.6.0-test10 Alexander Nyberg
2003-11-24 20:03 ` Ken Witherow
[not found] ` <Pine.LNX.4.58.0311241524310.1245@morpheus>
2003-11-24 20:49 ` Ken Witherow
2003-11-24 23:42 ` Dick Streefland
2003-11-25 3:16 ` hard links create local DoS vulnerability and security problems Matthias Andree
2003-11-25 14:48 ` Jan Kara
2003-11-25 15:27 ` Jakob Lell
2003-11-24 17:37 ` Rudo Thomas
2003-11-24 18:10 ` Richard B. Johnson
2003-11-24 18:22 ` Valdis.Kletnieks
2003-11-24 22:17 ` [OT] " Rudo Thomas
2003-11-24 17:57 ` Jakob Lell
2003-11-24 18:08 ` splite
2003-11-24 18:13 ` Richard B. Johnson
2003-11-24 18:24 ` Jakob Lell
2003-11-24 23:57 ` bill davidsen
2003-11-24 18:18 ` Jakob Lell
2003-11-24 18:29 ` Valdis.Kletnieks
2003-11-24 19:25 ` hard links create local DoS vulnerability and security proble Mathieu Chouquet-Stringer
2003-11-24 20:00 ` Valdis.Kletnieks
2003-11-24 20:02 ` Mathieu Chouquet-Stringer
2003-11-24 20:22 ` H. Peter Anvin
2003-11-24 18:21 ` hard links create local DoS vulnerability and security problems Michael Buesch
2003-11-24 18:35 ` Jakob Lell
2003-11-24 18:53 ` Chris Wright
2003-11-25 0:04 ` bill davidsen
2003-11-25 13:54 ` Jesse Pollard
2003-11-24 23:50 ` bill davidsen
2003-11-25 0:22 ` Mike Fedyk
2003-11-25 0:35 ` Chris Wright
2003-11-25 8:15 ` Amon Ott
2003-11-25 16:11 ` Bill Davidsen
2003-11-25 11:26 ` Gianni Tedesco
[not found] <fa.hevpbbs.u5q2r6@ifi.uio.no>
[not found] ` <fa.l1quqni.v405hu@ifi.uio.no>
2003-11-24 20:54 ` Andy Lutomirski
2003-11-24 21:16 ` Linus Torvalds
2003-11-24 23:28 ` Ricky Beam
2003-11-24 22:04 ` John Bradford
2003-11-24 22:12 ` Måns Rullgård
2003-11-25 12:10 ` John Bradford
2003-11-25 12:18 ` Måns Rullgård
2003-11-25 13:12 ` John Bradford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=yw1x1xrxpuha.fsf@kth.se \
--to=mru@kth.se \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.