Linux kernel filesystem oddities

From: Michal Zalewski (lcamtufat_private)
Date: Sun Jul 05 1998 - 01:12:43 PDT


    Any amount of data, overriding quotas and kernel resource limits, can be
    stored in a root-owned +t directory (like /tmp) - inside... filenames!
    It sounds strange, so here's an example: hard-links to root-owned files
    are NOT owned by you (so you may create any amount of them). I'm assuming
    the directory isn't owned by you, also... And every filename can store over
    100 bytes of data (255 characters). So, to store 1 MB, you need about 10000
    hardlinks - it isn't such a big number. Stored data will be accounted only
    in the directory size, and, as long as this dir is root-owned, only root will be
    charged for it.
    
    Ah, the same problems exist with FIFOs created in root-owned dirs, because
    a FIFO is not treated as a file.
    
    To Alan: You might not argue with me, but I think there's something wrong with
    the Linux philosophy, if any user is able to bypass kernel file limits and quotas.
    But it seems to be hard to fix. FIFOs (and maybe other 'non-file' objects) should
    probably be treated as ordinary files when calculating quota. But there will be
    a problem with hard-links - the creator of this object is not saved anywhere, and
    his UID might not be equal to the owner UID - so we can't determine who is
    'responsible', and who should be accounted for it. Btw. it also causes other problems:
    a luser can create a hard-link to another user's file and move it to a +t directory, but
    he will be unable to delete or move it back from this directory, because he isn't
    the owner.
    
    PS. Solar Designer's secure-linux-03 patch fixes at least hard-link
    problems.
    
    _______________________________________________________________________
    Michal Zalewski [lcamtufat_private] <= finger for pub PGP key
    To iterate is human, to recurse - divine [P. Deutsch]
    [echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
    
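An added example, not part of the original post: a Python audit of one directory that totals the bytes held in entry names and lists the FIFOs and the inodes with many names there, the two carriers the message describes. The names `audit_directory` and `build_sample` and the threshold of 8 are hypothetical, and the sample directory is constructed.

```python
import os
import stat
from collections import defaultdict

def audit_directory(path, max_names_per_inode=8):
    """Summarise filename-borne data in `path` (hypothetical helper).

    Returns a dict with:
      name_bytes   - total bytes held in entry names (charged to the dir owner)
      fifos        - names of FIFO entries
      multi_linked - {(dev, ino): [names]} for regular files that have more
                     than max_names_per_inode names inside this directory
    """
    names_by_inode = defaultdict(list)
    report = {"name_bytes": 0, "fifos": [], "multi_linked": {}}
    with os.scandir(path) as entries:
        for entry in entries:
            report["name_bytes"] += len(os.fsencode(entry.name))
            try:
                st = entry.stat(follow_symlinks=False)
            except OSError:
                continue  # entry vanished while scanning a busy directory
            if stat.S_ISFIFO(st.st_mode):
                report["fifos"].append(entry.name)
            elif stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                names_by_inode[(st.st_dev, st.st_ino)].append(entry.name)
    for key, names in names_by_inode.items():
        if len(names) > max_names_per_inode:
            report["multi_linked"][key] = sorted(names)
    return report

def build_sample(root, links=20):
    """Constructed sample: one file, `links` 100-byte-named links, one FIFO."""
    target = os.path.join(root, "target")
    open(target, "w").close()
    for i in range(links):
        os.link(target, os.path.join(root, "%03d" % i + "A" * 97))
    os.mkfifo(os.path.join(root, "pipe"))
    return target

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        r = audit_directory(d)
        print("bytes in names:", r["name_bytes"], "fifos:", r["fifos"])
        for (dev, ino), names in r["multi_linked"].items():
            print("inode", ino, "has", len(names), "names in this directory")
```

The link count alone does not say who created each name, which is the accounting gap the message points out; the report only shows where the names are accumulating.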
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:18 PDT