
Re: possible security flaw in screen 3.9.5-9



On Fri, Sep 08, 2000 at 10:07:37PM -0400, Matthew W Miller wrote:
> {Big Snip}
> How would a quota stop the user from stuffing /var to its limit? Isn't
> that part of the problem where the user could stuff /var and hemorrhage the
> logs?

hmm quota seems to stop that just fine here:

[eb@socrates eb]$ cd /var/lock/
[eb@socrates lock]$ df /var
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hda8              1032088    298940    680720  31% /var
[eb@socrates lock]$ cat /dev/zero > bloat
/var: warning, user disk quota exceeded
/var: write failed, user disk limit reached.
cat: write error: Disk quota exceeded
[eb@socrates lock]$ df /var
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hda8              1032088    314260    665400  32% /var
[eb@socrates lock]$

now what quota (nor moving /var/run/screen) will NOT fix is stuffing
/var via /usr/bin/logger (that is just a bit more work than the above)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
