Date: Tue, 21 Mar 1995 14:57:17 +1000 From: Bruce Evans <bde@zeta.org.au> To: hackers@FreeBSD.org, jbeukema@hk.super.net Subject: Re: Denial of resource attacks Message-ID: <199503210457.OAA04361@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>Well, surprise, rm -r fails when the maximum path length is exceeded. I >was forced to write another shell script to step down the chain to the end >and then remove the directories one by one. Time down 1 1/2 hours (am not >very good at shell programing). Another rm (gnu) might have worked. It's easy for rm to recurse and chdir down the tree itself. This is probably the fastest way to do it anyway. One problem is that it may be hard to chdir back up the tree. (Damaged) subdirectories may be missing their ".." entry. Parent directories may have been renamed. I thought the FreeBSD rm did chdir down the tree. It uses fts. fts chdir's down the tree unless the FTS_NOCHDIR flag is set. rm always sets this flag! >Questions: >1. Is there any other way to protect against this type of attack than >quotas? No. >2. Do quotas work well? Don't know. >3. Might it be a good idea to limit the creation of sub-directories >when the max path length will be exceeded, so that rm -r will >continue to work? No. rm should be fixed. It may take a long time to remove deeply nested directories, but it will take a long time to create them too, and wasting resources for this is no worse than wasting resources for creating and deleting files. Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199503210457.OAA04361>