From owner-freebsd-security Thu Mar 18 8:16:42 1999
Date: Thu, 18 Mar 1999 10:01:20 -0600 (CST)
From: James Wyatt
To: Andrew McNaughton
Cc: "Daniel C. Sobral", Dmitry Valdov, freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: disk quota overriding
In-Reply-To: <199903181243.BAA22599@aniwa.sky>

On Fri, 19 Mar 1999, Andrew McNaughton wrote:
> > Dmitry Valdov wrote:
> > > I think that there is only one way to fix it - it's to disable making
> > > *hard*links to directory with mode 1777.
>
> I don't use quotas, and don't know a great deal about how they
> operate, but I think there's another disk filling DOS involving hard
> links lurking which the above measure would also solve. If a user
> starts making hard links to (large and growing) log files, with the
> new links being placed in /var/mail, then presumably those log files
> will not be deleted correctly as they are rolled over, and will
> quickly accumulate.
>
> This could not bring down a system as rapidly as growing the publicly
> writable directory with lots of links, but it is not desirable system
> behaviour.

This is beginning to sound like a broken record:
1) I usually move mail to /var/spool/mail,
2) You can't hard link between /var and /var/spool partitions.

On some machines /var/log is a filesys to prevent logfile overflows from
filling /var anyway. I usually make a different /var/spool on largish
machines to help upgrades go faster. I tend to unmount it, /home, and
/usr/local and completely replace the OS.

No doubt there are other ways to fix this... - Jy@
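
An added example, not part of the original message: a check an administrator could run for the situation discussed in this thread. It lists regular files in a spool directory that carry more than one hard link, and compares `st_dev` to tell whether two directories share a filesystem (the only case in which `link(2)` can succeed). The function names and the temporary directory layout standing in for /var/log and /var/mail are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def same_filesystem(path_a, path_b):
    """True if both paths are on one filesystem (equal st_dev), i.e. a hard
    link between them would not be refused with EXDEV."""
    return os.stat(path_a).st_dev == os.stat(path_b).st_dev


def multiply_linked(directory):
    """Return sorted (name, owner_uid, link_count) for regular files in
    `directory` that have more than one hard link. Symlinks are not followed.
    In a mail spool every mailbox is normally a single-linked file, so any
    entry reported here deserves a look (compare owner_uid with the name)."""
    found = []
    with os.scandir(directory) as entries:
        for entry in entries:
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                found.append((entry.name, st.st_uid, st.st_nlink))
    return sorted(found)


def demo():
    """Constructed sample: a temporary tree standing in for /var/log and
    /var/mail on the same filesystem."""
    with tempfile.TemporaryDirectory() as root:
        log_dir = os.path.join(root, "log")
        spool = os.path.join(root, "mail")
        os.mkdir(log_dir)
        os.mkdir(spool)
        log_file = os.path.join(log_dir, "messages")
        with open(log_file, "w") as fh:
            fh.write("constructed log line\n")
        with open(os.path.join(spool, "alice"), "w") as fh:
            fh.write("constructed mailbox\n")
        # Second name for the log file inside the spool directory.
        os.link(log_file, os.path.join(spool, "extra"))
        return same_filesystem(log_dir, spool), multiply_linked(spool)


if __name__ == "__main__":
    shared, suspects = demo()
    print("same filesystem:", shared)
    for name, uid, nlink in suspects:
        print(f"{name}: owner uid {uid}, {nlink} links")
```

When `same_filesystem()` returns False for the log and spool directories, as with the separate /var/spool or /var/log partitions described above, the link cannot be created in the first place.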