From: mru@kth.se (Måns Rullgård)
To: linux-kernel@vger.kernel.org
Subject: Re: hard links create local DoS vulnerability and security problems
Date: Tue, 25 Nov 2003 13:18:14 +0100 [thread overview]
Message-ID: <yw1xllq4d4l5.fsf@kth.se> (raw)
In-Reply-To: 200311251210.hAPCAAGo000750@81-2-122-30.bradfords.org.uk
John Bradford <john@grabjohn.com> writes:
>> > They can truncate the file to zero length, though, then delete the
>> > 'original' link, making all of the other links point to the zero
>> > length file.
>>
>> It could be tricky to find those extra links if the original has been
>> deleted, of course.
>
> True, but as long as at least one of the links which has been made to
> the original file is in a directory you have access to, you can simply
> create a new link to the file, truncate it, then delete your newly
> created link, so actually deleting the 'original' link is not
> necessarily a problem :-).
There's no need to make a new link, since any links will be owned by
the original owner. That was the concern in the first place. The
problem is finding a link after the file has been deleted. It could
be hidden away somewhere in a directory you don't have read or execute
permission for.
--
Måns Rullgård
mru@kth.se
next prev parent reply other threads:[~2003-11-25 12:18 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.hevpbbs.u5q2r6@ifi.uio.no>
[not found] ` <fa.l1quqni.v405hu@ifi.uio.no>
2003-11-24 20:54 ` hard links create local DoS vulnerability and security problems Andy Lutomirski
2003-11-24 21:16 ` Linus Torvalds
2003-11-24 23:28 ` Ricky Beam
2003-11-24 22:04 ` John Bradford
2003-11-24 22:12 ` Måns Rullgård
2003-11-25 12:10 ` John Bradford
2003-11-25 12:18 ` Måns Rullgård [this message]
2003-11-25 13:12 ` John Bradford
2003-11-24 16:36 Jakob Lell
2003-11-24 17:05 ` Måns Rullgård
2003-11-24 20:42 ` Mike Fedyk
2003-11-24 17:14 ` Richard B. Johnson
2003-11-24 17:35 ` Jamie Lokier
2003-11-25 3:16 ` Matthias Andree
2003-11-25 14:48 ` Jan Kara
2003-11-25 15:27 ` Jakob Lell
2003-11-24 17:37 ` Rudo Thomas
2003-11-24 18:10 ` Richard B. Johnson
2003-11-24 18:22 ` Valdis.Kletnieks
2003-11-24 17:57 ` Jakob Lell
2003-11-24 18:08 ` splite
2003-11-24 18:13 ` Richard B. Johnson
2003-11-24 18:24 ` Jakob Lell
2003-11-24 23:57 ` bill davidsen
2003-11-24 18:18 ` Jakob Lell
2003-11-24 18:29 ` Valdis.Kletnieks
2003-11-24 18:21 ` Michael Buesch
2003-11-24 18:35 ` Jakob Lell
2003-11-24 18:53 ` Chris Wright
2003-11-25 0:04 ` bill davidsen
2003-11-25 13:54 ` Jesse Pollard
2003-11-24 23:50 ` bill davidsen
2003-11-25 0:22 ` Mike Fedyk
2003-11-25 0:35 ` Chris Wright
2003-11-25 8:15 ` Amon Ott
2003-11-25 16:11 ` Bill Davidsen
2003-11-25 11:26 ` Gianni Tedesco
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=yw1xllq4d4l5.fsf@kth.se \
--to=mru@kth.se \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox