[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible security flaw in screen 3.9.5-9

On Fri, Sep 08, 2000 at 09:12:38AM -0400, Michael Stone wrote:
> On Sat, Sep 09, 2000 at 12:00:19AM +1100, CaT wrote:
> > a. a possible way around quotas set on /home b. a method of fully
> > filling up /var, thereby potentially causing log entries to be
> > lost which, in turn, gives the user anice, untracable way of then
> How would this be different from putting things in /var/tmp,

Make /var/tmp a seperate partition. I've already seen /var/tmp
severly screwup a system when it was part of /var. (I also always
make /tmp a seperate partition)

> /var/lock, etc.?

Hmmm. Interesting. Why is it so? Redhat at least doesn't appear
to have it globally writeable (at least the systems I just checked)
so does it really need to be? (don't take this as a redhat vs debian 
thing but more of a 'I've got an example to the contrary' thing :)

CaT (cat@zip.com.au)

	'He had position, but I was determined to score.'
		-- Worf, DS9, Season 5: 'Let He Who Is Without Sin...'

Reply to: