Re: hard links create local DoS vulnerability and security problems

From: John Bradford
Date: Tue Nov 25 2003 - 07:14:42 EST

Next message: Måns Rullgård: "Re: hard links create local DoS vulnerability and security problems"
Previous message: Marcelo Tosatti: "Linux 2.4.23-rc5"
In reply to: Måns Rullgård: "Re: hard links create local DoS vulnerability and security problems"
Next in thread: Måns Rullgård: "Re: hard links create local DoS vulnerability and security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quote from mru@xxxxxx (=?iso-8859-1?q?M=E5ns_Rullg=E5rd?=):
> John Bradford <john@xxxxxxxxxxxx> writes:
>
> >> Right... but non-privileged users _can't_ delete these extra links, =
> even=20
> >> if they notice them from the link count.
> >
> > They can truncate the file to zero length, though, then delete the
> > 'original' link, making all of the other links point to the zero
> > length file.
>
> It could be tricky to find those extra links if the original has been
> deleted, of course.

True, but as long as at least one of the links which has been made to
the original file is in a directory you have access to, you can simply
create a new link to the file, truncate it, then delete your newly
created link, so actually deleting the 'original' link is not
necessarily a problem :-).

John.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Måns Rullgård: "Re: hard links create local DoS vulnerability and security problems"
Previous message: Marcelo Tosatti: "Linux 2.4.23-rc5"
In reply to: Måns Rullgård: "Re: hard links create local DoS vulnerability and security problems"
Next in thread: Måns Rullgård: "Re: hard links create local DoS vulnerability and security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]