From owner-freebsd-security  Wed Mar 17  4:37:29 1999
Delivered-To: freebsd-security@freebsd.org
Received: from xkis.kis.ru (xkis.kis.ru [195.98.32.200])
	by hub.freebsd.org (Postfix) with ESMTP
	id 135DB15614; Wed, 17 Mar 1999 04:37:23 -0800 (PST)
	(envelope-from dv@dv.ru)
Received: from localhost (dv@localhost)
          by xkis.kis.ru (8.9.0/8.9.0) with SMTP id PAA05380;
          Wed, 17 Mar 1999 15:37:03 +0300 (MSK)
Date: Wed, 17 Mar 1999 15:37:03 +0300 (MSK)
From: Dmitry Valdov <dv@dv.ru>
X-Sender: dv@xkis.kis.ru
To: freebsd-current@freebsd.org, freebsd-security@freebsd.org
Subject: Re: disk quota overriding
In-Reply-To: <Pine.BSF.3.95q.990317143707.15120A-100000@xkis.kis.ru>
Message-ID: <Pine.BSF.3.95q.990317153543.5316A-100000@xkis.kis.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!


I think that there is only one way to fix it - it's to disable making
*hard*links to directory with mode 1777.

On Wed, 17 Mar 1999, Dmitry Valdov wrote:

> Date: Wed, 17 Mar 1999 14:42:46 +0300 (MSK)
> From: Dmitry Valdov <dv@dv.ru>
> To: freebsd-current@freebsd.org, freebsd-security@freebsd.org
> Subject: disk quota overriding
> 
> Hi!
> 
> There is a way to overflow / filesystem even is quota is enabled.
> 
> Just make many hard links (for example /bin/sh) to /tmp/
> 
> for ($q=0;$q<100000;$q++){
> system ("ln /bin/sh /tmp/ln$q");
> }
> 
> Because /tmp directory usually owned by root that why quotas has no effect.
> *Directory* size of /tmp can be grown up to available space on / filesystem.
> 
> Any way to fix it?
> 
> Dmitry.
> 
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message