Re: hard links create local DoS vulnerability and security problems

From: Måns Rullgård
Date: Tue Nov 25 2003 - 07:21:27 EST


John Bradford <john@xxxxxxxxxxxx> writes:

>> > They can truncate the file to zero length, though, then delete the
>> > 'original' link, making all of the other links point to the zero
>> > length file.
>>
>> It could be tricky to find those extra links if the original has been
>> deleted, of course.
>
> True, but as long as at least one of the links which has been made to
> the original file is in a directory you have access to, you can simply
> create a new link to the file, truncate it, then delete your newly
> created link, so actually deleting the 'original' link is not
> necessarily a problem :-).

There's no need to make a new link, since any links will be owned by
the original owner. That was the concern in the first place. The
problem is finding a link after the file has been deleted. It could
be hidden away somewhere in a directory you don't have read or execute
permission for.

--
Måns Rullgård
mru@xxxxxx
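
The point made in this thread, that an owner can truncate a file before unlinking it so any remaining hard links refer to an empty inode, shown as an added example that is not part of the original message. The helper name `reclaim_and_unlink`, the demo function and the `/tmp` paths are hypothetical and constructed for illustration.

```c
/* Added example: constructed demo, not code from the thread. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: truncate a file we own before unlinking it, so that
 * hard links left in other directories refer to a zero-length inode.
 * Returns the number of other links still present, or -1 on error. */
long reclaim_and_unlink(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||      /* only touch files we own */
        ftruncate(fd, 0) < 0 ||        /* releases the data blocks */
        unlink(path) < 0) {            /* removes only this one name */
        close(fd);
        return -1;
    }
    close(fd);
    return (long)st.st_nlink - 1;      /* names we did not remove */
}

/* Constructed scenario: "orig" plus a second link "other" in a temp dir.
 * Returns the size seen through the surviving link, or -1 on error. */
long demo_surviving_link_size(long *extra_links)
{
    char dir[] = "/tmp/hlinkXXXXXX", a[64], b[64];
    struct stat st;
    if (!mkdtemp(dir))
        return -1;
    snprintf(a, sizeof a, "%s/orig", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    int fd = open(a, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || write(fd, "0123456789", 10) != 10 || close(fd) < 0 ||
        link(a, b) < 0)
        return -1;
    *extra_links = reclaim_and_unlink(a);
    long size = stat(b, &st) == 0 ? (long)st.st_size : -1;
    unlink(b);
    rmdir(dir);
    return size;
}
```

The link count is a snapshot taken at `fstat` time and says only that other names exist, not where they are, which is the difficulty the message describes.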
