From: Mark Mielke <mark@mark.mielke.cc>
To: Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil>
Cc: elladan@eskimo.com, Christoph Hellwig <hch@infradead.org>,
Linux-Kernel <linux-kernel@vger.kernel.org>
Subject: Re: [RFC] ext2 and ext3 block reservations can be bypassed
Date: Tue, 14 May 2002 15:55:04 -0400
Message-ID: <20020514155504.D22935@mark.mielke.cc>
In-Reply-To: <200205141854.NAA59350@tomcat.admin.navo.hpc.mil>
I.e. a fix to ext2/ext3 is not horribly useful.
mark
On Tue, May 14, 2002 at 01:54:40PM -0500, Jesse Pollard wrote:
> --------- Received message begins Here ---------
>
> >
> > Don't put /var/log on the same file system as /home, and don't grant
> > access to /var/log to any normal userid.
> >
> > This isn't 'new'.
>
> Also not relevant. If you want to get picky, don't put root, /usr, /var
> and /etc on the same filesystem. Make them all separate. Don't put
> /tmp, /var/tmp, on the same filesystem either. Mount /usr read only.
> Mount / read only, mount all user writable filesystems nosetuid, nosetgid.
>
> However, not all daemons run as root, but do log into /var/adm or /var/log.
> If these fill up the log device without restraint, then your audit logs will
> ALSO be affected (unless you have syslog send them to a different host).
>
> Users don't have to have access to the filesystem to cause write activity
> to it. The reserved space is just a small thing. It can't catch everything,
> but the system CAN continue to function after the filesystem fills up.
> Hopefully, long enough to record events and allow the administrator to
> clean up. That is the ONLY security function it has.
>
> > mark
> >
> >
> > On Tue, May 14, 2002 at 12:53:47PM -0500, Jesse Pollard wrote:
> > > If the root file system is ext2, it does become a security issue since
> > > currently active logs will continue to record log entries until the
> > > filesystem is absolutely filled. I should say, if the log device fills up,
> > > since the log directory is usually /var/log, or /var/adm. Some logs show
> > > up in etc, but that really depends on the configuration. It IS useful if the
> > > filesystem is "full" due to attacks - daemons tend to terminate themselves,
> > > and their log entry indicates what the problem was. If it is an attack, then
> > > it's a security issue.
> > >
> > > The only reason it helps fragmentation (subject to actual implementor
> > > statements) is that the filesystem code will use every scavenged block
> > > possible under saturation. When the filesystem gets cleaned up later,
> > > these excessively fragmented files will remain, and continue to cause
> > > access delays.
> > >
> > > Naturally, deleting (or backup/restore) the file(s) cleans up the fragmentation.
> > >
>
> -------------------------------------------------------------------------
> Jesse I Pollard, II
> Email: pollard@navo.hpc.mil
>
> Any opinions expressed are solely my own.
--
mark@mielke.cc/markm@ncf.ca/markm@nortelnetworks.com __________________________
. . _ ._ . . .__ . . ._. .__ . . . .__ | Neighbourhood Coder
|\/| |_| |_| |/ |_ |\/| | |_ | |/ |_ |
| | | | | \ | \ |__ . | | .|. |__ |__ | \ |__ | Ottawa, Ontario, Canada
One ring to rule them all, one ring to find them, one ring to bring them all
and in the darkness bind them...
http://mark.mielke.cc/
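
Added example, not part of the original messages: a Python check for the two things the quoted discussion turns on, whether user-writable trees share a filesystem with the log directory (and are mounted without set-id protection), and how much of the root-only block reserve is left once a filesystem is full for ordinary users. Assumptions: the mount table is in /proc/mounts format, the sample table is constructed, the function names are hypothetical, and the Linux `nosuid` option stands in for the "nosetuid, nosetgid" wording in the quoted message.

```python
import os

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /home ext3 rw,nosuid 0 0
/dev/sda3 /tmp ext3 rw 0 0
"""

def mount_for(path, mounts):
    """Return (mount point, option set) of the filesystem that holds path."""
    best = None
    for line in mounts.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mp, opts = fields[1], set(fields[3].split(","))
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and (best is None or len(mp) > len(best[0])):
            best = (mp, opts)
    return best

def layout_findings(mounts, log_dir="/var/log",
                    user_writable=("/home", "/tmp", "/var/tmp")):
    """Flag user-writable trees that share the log filesystem or lack nosuid."""
    findings = []
    log_mp = mount_for(log_dir, mounts)[0]
    for d in user_writable:
        mp, opts = mount_for(d, mounts)
        if mp == log_mp:
            findings.append(f"{d} shares filesystem {mp} with {log_dir}")
        if "nosuid" not in opts:
            findings.append(f"{d} (on {mp}) is mounted without nosuid")
    return findings

def reserve_status(st):
    """Interpret an os.statvfs() result: f_bfree is what root can still
    allocate, f_bavail what unprivileged users can; the gap is the reserve."""
    return {
        "full_for_users": st.f_bavail == 0,
        "root_bytes_left": st.f_bfree * st.f_frsize,
        "reserve_bytes_left": (st.f_bfree - st.f_bavail) * st.f_frsize,
    }

if __name__ == "__main__":
    for finding in layout_findings(SAMPLE_MOUNTS):
        print(finding)
    print(reserve_status(os.statvfs("/")))
```

A filesystem that reports `full_for_users` with a non-zero `reserve_bytes_left` is in the state the quoted message describes: ordinary writers are refused while root-owned processes can still allocate blocks.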