[7189] in bugtraq
Re: Linux kernel filesystem oddities
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Wed Jul 8 14:05:07 1998
Date: Wed, 8 Jul 1998 19:12:20 +0200
Reply-To: peak@kerberos.troja.mff.cuni.cz
From: Pavel Kankovsky <peak@KERBEROS.TROJA.MFF.CUNI.CZ>
X-To: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980705101136.752A-100000@genome>
On Sun, 5 Jul 1998, Michal Zalewski wrote:
> Any amount of data, overriding quotas and kernel resource limits, can be
> stored in root-owned +t directory (like /tmp) - inside... filenames!
Interesting... the same idea popped up in my mind during the weekend.
On the other hand, I am sure this is not Linux specific.
[...]
> Ah, the same problems are with FIFOs created in root-owned dirs, because
> FIFO is not treated as file.
>
> To Alan: You might not argue with me, but I think there's something wrong with
> Linux philosophy, if any user is able to bypass kernel file limits and quotas.
FIFO itself occupies a single inode, no block, therefore charging inode
quota but not block quota is correct.
> But it seems to be hard to fix. FIFO (and maybe other 'non-file' objects) should
> be probably treated as ordinary file when calculating quota.
> But there will be problem with hard-links - creator of this object is...
Hardlink is not a fs object, it is a directory entry.
The world writable directory is a real problem. It is similar to world
writable files: anyone can use them to store data on its owner.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."
