From owner-freebsd-current  Thu Mar 18  6:25:19 1999
Delivered-To: freebsd-current@freebsd.org
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2849D15404; Thu, 18 Mar 1999 06:25:15 -0800 (PST)
	(envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id JAA00307;
	Thu, 18 Mar 1999 09:23:43 -0500 (EST)
	(envelope-from robert@cyrus.watson.org)
Date: Thu, 18 Mar 1999 09:23:43 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Andrew McNaughton <andrew@squiz.co.nz>
Cc: "Daniel C. Sobral" <dcs@newsguy.com>, Dmitry Valdov <dv@dv.ru>,
	freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: disk quota overriding 
In-Reply-To: <199903181243.BAA22599@aniwa.sky>
Message-ID: <Pine.BSF.3.96.990318092103.298B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 19 Mar 1999, Andrew McNaughton wrote:

> > Dmitry Valdov wrote:
> > > I think that there is only one way to fix it - it's to disable making
> > > *hard*links to directory with mode 1777.
> 
> I don't use quotas, and don't know a great deal about how they operate,
> but I think there's another disk filling DOS involving hard links
> lurking which the above measure would also solve. 
> 
> If a user starts making hard links to (large and growing) log files,
> with the new links being placed in /var/mail, then presumably those log
> files will not be deleted correctly as they are rolled over, and will
> quickly accumulate. 
> 
> This could not bring down a system as rapidly as growing the publicly
> writable directory with lots of links, but it is not desirable system
> behaviour. 

So, yet another risk associated with allowing hard links :-).  Again,
presumably the answer here is either a) restrict the creation of hard
links, and b) make sure that users never have write access to any
partition you don't want them to have the ability to preserve files on.

The linking behavior in conjunction with quotas makes a lot of sense: if a
user wants to consume someone else's quota, she just hard links to their
files so they cannot delete them.  And if she are mean, she links to them
in private directories so the victim cannot find the links.  Even if the
user truncates the file, the inode is still consumed in their name.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message