From owner-freebsd-security Wed Mar 17 3:53:58 1999 Delivered-To: freebsd-security@freebsd.org Received: from xkis.kis.ru (xkis.kis.ru [195.98.32.200]) by hub.freebsd.org (Postfix) with ESMTP id 66B2814CFB; Wed, 17 Mar 1999 03:53:52 -0800 (PST) (envelope-from dv@dv.ru) Received: from localhost (dv@localhost) by xkis.kis.ru (8.9.0/8.9.0) with SMTP id OAA21067; Wed, 17 Mar 1999 14:53:19 +0300 (MSK) Date: Wed, 17 Mar 1999 14:53:19 +0300 (MSK) From: Dmitry Valdov X-Sender: dv@xkis.kis.ru To: Jay Tribick Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: disk quota overriding In-Reply-To: <19990317114932.Z21466@bofh.fastnet.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 17 Mar 1999, Jay Tribick wrote: > Date: Wed, 17 Mar 1999 11:49:32 +0000 > From: Jay Tribick > To: Dmitry Valdov > Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG > Subject: Re: disk quota overriding > > Hi > > > There is a way to overflow / filesystem even is quota is enabled. > > > > Just make many hard links (for example /bin/sh) to /tmp/ > > > > for ($q=0;$q<100000;$q++){ > > system ("ln /bin/sh /tmp/ln$q"); > > } > > > > Because /tmp directory usually owned by root that why quotas has no effect. > > *Directory* size of /tmp can be grown up to available space on / filesystem. > > > > Any way to fix it? > > Haven't tested this, but are you sure it fills the filesystem up - > all a hard link is, is a file with the same inode as the > original file (correct me if I'm wrong) - therefore it > doesn't actually use any space other than that required > to store the file entry. ^^^^^^^^^^^^^^^^^^^^^ Yes. But /tmp dir is under root filesystem. So *directory* size of /tmp can be grown up to free space on /. Which will result 0 bytes free on / :) All available space will be used to store directory entries. Dmitry. PS. Sorry for my english. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message