Date: Wed, 17 Mar 1999 10:19:14 -0500 From: Dan Tso <dan@tsolab.org> To: Dmitry Valdov <dv@dv.ru> Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: disk quota overriding Message-ID: <36EFC7F2.860738C4@tsolab.org> References: <Pine.BSF.3.95q.990317143707.15120A-100000@xkis.kis.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Dmitry Valdov wrote:
> There is a way to overflow / filesystem even is quota is enabled.
>
> Just make many hard links (for example /bin/sh) to /tmp/
>
> for ($q=0;$q<100000;$q++){
> system ("ln /bin/sh /tmp/ln$q");
> }
>
> Because /tmp directory usually owned by root that why quotas has no effect.
> *Directory* size of /tmp can be grown up to available space on / filesystem.
>
> Any way to fix it?
I've always thought that /tmp should be its own filesystem
anyways and I generally make it so. Avoids all sorts of nasties.
It seems silly to mix up the most vital system files on the same
filesystem as the most volitile, damage-prone directory (/tmp). Its
better to newfs /tmp regularly.
As far as the other issue, the ability to fill up any
public 777 directory even with quotas, perhaps the quota system
should look at the 1000 bit and do something special with it.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36EFC7F2.860738C4>