Date: Sun, 9 Jun 1996 23:26:16 -0400 (EDT) From: Brian Tao <taob@io.org> To: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com> Cc: freebsd-security@freebsd.org Subject: Re: setuid root sendmail vs. mode 1733 /var/spool/mqueue? Message-ID: <Pine.NEB.3.92.960609232322.23792E-100000@zap.io.org> In-Reply-To: <199606100300.UAA15048@GndRsh.aac.dev.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 9 Jun 1996, Rodney W. Grimes wrote:
>
> Denial of service attack:
> cat /dev/zero >/var/spool/mqueue/onebigwhole bs=32b
>
> world writable directories are a bigger problem, IMHO, than a suid
> sendmail.
True enough, but since /tmp already puts the server in that
position, I'm not overly worried about someone pulling this kind of
stunt. At least the file will have their username stamped on it. :)
OTOH, a more creative user could write a script that fills the
directory with symlinks, exhaust all the inodes *and* not leave behind
any telltale pointers to his identity. :(
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.92.960609232322.23792E-100000>