Re: Bug#556522: hurd - using the login shell is insecure

To: debian-hurd@lists.debian.org
Subject: Re: Bug#556522: hurd - using the login shell is insecure
From: Samuel Thibault <sthibault@debian.org>
Date: Fri, 20 Nov 2009 01:20:10 +0100
Message-id: <[🔎] 20091120002010.GE5099@const.famille.thibault.fr>
Mail-followup-to: debian-hurd@lists.debian.org
In-reply-to: <[🔎] 20091118230617.GJ4511@alien.local>
References: <[🔎] 20091116142745.GA5364@wavehammer.waldi.eu.org> <[🔎] 20091117002259.GJ19153@alien.local> <[🔎] 20091118002033.GD4889@const.famille.thibault.fr> <[🔎] 20091118230617.GJ4511@alien.local>

olafBuddenhagen@gmx.net, le Thu 19 Nov 2009 00:06:21 +0100, a écrit :
> On Wed, Nov 18, 2009 at 01:20:33AM +0100, Samuel Thibault wrote:
> > olafBuddenhagen@gmx.net, le Tue 17 Nov 2009 01:23:02 +0100, a écrit :
> > > On Mon, Nov 16, 2009 at 03:27:45PM +0100, Bastian Blank wrote:
> 
> > > actually the access of the login shell is controlled by the
> > > "unknown" permissions -- a special fourth set of file permission
> > > bits.
> > 
> > Which still permits to fill /tmp with files,
> 
> Well, depends on u's permissions on /tmp... :-)

Not only that, but also burning CPU, allocating memory, etc.

Samuel

Reply to:

Follow-Ups:
- Re: Bug#556522: hurd - using the login shell is insecure
  - From: <olafBuddenhagen@gmx.net>

References:
- Bug#556522: hurd - using the login shell is insecure
  - From: Bastian Blank <waldi@debian.org>
- Bug#556522: hurd - using the login shell is insecure
  - From: <olafBuddenhagen@gmx.net>
- Re: Bug#556522: hurd - using the login shell is insecure
  - From: Samuel Thibault <sthibault@debian.org>
- Re: Bug#556522: hurd - using the login shell is insecure
  - From: <olafBuddenhagen@gmx.net>

Prev by Date: Re: Bug#556522: hurd - using the login shell is insecure
Next by Date: [debian-hurd-Patches][312018] #552383: boost 1.40.0
Previous by thread: Re: Bug#556522: hurd - using the login shell is insecure
Next by thread: Re: Bug#556522: hurd - using the login shell is insecure
Index(es):
- Date
- Thread