From owner-freebsd-security Wed Mar 17 19: 0:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ppc1.cybertime.ch (ppc1.cybertime.ch [194.191.120.136])
	by hub.freebsd.org (Postfix) with ESMTP id 3B69414C99
	for ; Wed, 17 Mar 1999 19:00:47 -0800 (PST)
	(envelope-from pajarola@cybertime.ch)
Received: from tiamat.dlc.cybertime.ch (tiamat.dlc.cybertime.ch [194.191.120.143])
	by ppc1.cybertime.ch (8.9.2/8.9.2) with SMTP id EAA65572;
	Thu, 18 Mar 1999 04:00:18 +0100
Message-Id: <3.0.32.19990318034657.00a1f100@shrike.overmind.ch>
X-Sender: pajarola@shrike.overmind.ch
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Thu, 18 Mar 1999 04:00:28 +0100
To: security@FreeBSD.ORG
From: Rico Pajarola
Subject: Re: disk quota overriding
Cc: Dmitry Valdov
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

That's just another symptom of the hardlink-to-files-you-dont-own problem. It allows you to create files (or at least directory entries for files) you don't own.

I'd really like to have a mount-option (or maybe a sysctl) to prevent that behaviour (allow hardlinks only if you could write to the file). I use hardlinks very often, but I never had a case where someone should have been able to hardlink to a file he didn't own AND a symlink wasn't good enough (for whatever reason).

I extensively use hardlinks (diskless workstations) so I wouldn't like to see them go completely, but I always thought it was impossible to hardlink to files you can't write to, until I tried it myself after the recent discussion. It allows you to create directory entries for files you couldn't have created yourself, which is somehow strange.

I very often have home on /usr, because usually that's the place where all the excess disk space goes (on machines with shell users I always made them a separate partition, thank god, but only because I don't completely trust quotas, and I don't want to give my users even the slightest chance to overflow /usr). On all other partitions, they're not allowed to do anything.

Besides, I consider /tmp on / filesystem a bad thing anyway (I like the idea of a ro / filesystem where only root can write to, and also only 'by hand'). If I don't have enough disk space to make it its own partition, I link it to /usr/root-tmp or something like that.

Rico

>Hi!
>
>There is a way to overflow / filesystem even if quota is enabled.
>
>Just make many hard links (for example /bin/sh) to /tmp/
>
>for ($q=0;$q<100000;$q++){
>system ("ln /bin/sh /tmp/ln$q");
>}
>
>Because the /tmp directory is usually owned by root, that's why quotas have no effect.
>*Directory* size of /tmp can be grown up to available space on / filesystem.
>
>Any way to fix it?
>
>Dmitry.
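
An added example, not part of the original messages: a Python sketch of the two checks this thread points at. `could_write` expresses the proposed "allow hardlinks only if you could write to the file" rule as a plain mode-bit test, and `audit_links` lists inodes that have many names inside one directory, which is what the reported condition looks like on disk. The function names, the uid/gid values and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict


def could_write(mode, file_uid, file_gid, uid, gids):
    """The rule proposed in the message: permit link(2) only if the caller
    could write to the file (plain mode-bit check; ACLs are ignored)."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_links(directory, min_names=2):
    """Return (owner_uid, inode, names_here, st_nlink) for each regular file
    with at least `min_names` names in `directory`, most names first."""
    groups = defaultdict(list)
    with os.scandir(directory) as entries:
        for entry in entries:
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                groups[(st.st_dev, st.st_ino)].append(st)
    report = [(sts[0].st_uid, ino, len(sts), sts[0].st_nlink)
              for (_dev, ino), sts in groups.items() if len(sts) >= min_names]
    return sorted(report, key=lambda row: -row[2])


def demo():
    """Constructed sample: one file outside the directory, five links in it."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "target")   # stands in for /bin/sh
        tmpdir = os.path.join(root, "tmp")      # stands in for /tmp
        os.mkdir(tmpdir)
        with open(target, "w") as fh:
            fh.write("x")
        for q in range(5):
            os.link(target, os.path.join(tmpdir, f"ln{q}"))
        return audit_links(tmpdir)


if __name__ == "__main__":
    # Constructed case: root-owned mode 0555 file, caller uid 1001.
    print(could_write(0o555, 0, 0, 1001, [1001]))
    for row in demo():
        print(row)
```

The audit cannot say who created a link, because the filesystem records only the owner of the inode; that is the same reason the links are not charged to the creating user's quota.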