Re: hard links on Linux create local DoS vulnerability and security problems

To: flaps@xxxxxxxxxxxxxxx (Alan J Rosenthal), bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: hard links on Linux create local DoS vulnerability and security problems
From: Carl Ekman <calle@xxxxxxxx>
Date: Mon, 24 Nov 2003 19:38:38 +0100
In-reply-to: <20031124174512.76AD94F85A@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20031124174512.76AD94F85A@xxxxxxxxxxxxxxxxxxxxx>
User-agent: KMail/1.5.4

Since many systems have /tmp on the root filesystem /tmp could also be used to 
link to setuid binaries.

> The link to setuid programs is more of concern except that it won't be able
> to happen unless you have setuid-root programs in a home directory
> partition, which sounds bad anyway.

References:
- Re: hard links on Linux create local DoS vulnerability and security problems
  - From: Alan J Rosenthal

Prev by Date: GLSA: glibc (200311-05)
Next by Date: Re: m00-mod_gzip.c
Previous by thread: Re: hard links on Linux create local DoS vulnerability and security problems
Next by thread: Re: hard links on Linux create local DoS vulnerability and security problems
Index(es):
- Date
- Thread