
Re: possible security flaw in screen 3.9.5-9



On Fri, Sep 08, 2000 at 06:17:59PM -0800, Ethan Benson wrote:
> 
> now what quota (nor moving /var/run/screen) will NOT fix is stuffing
> /var via /usr/bin/logger (that is just a bit more work than the above)

 An important difference between those methods of filling the disk is that
the log file method can't be undone to cover your tracks.  If you make /var
full by writing in /var/tmp so logging stops, then do something nasty, then
delete your files, the sysadmin won't have logs of your something nasty, but
may not suspect anything wrong occurred.  root usually has 5% of the disk
reserved, so you could fill it to that point (or as far as your quota
allowed) and wait for normal log activity to fill the rest of the disk.

> -- 
> Ethan Benson
> http://www.alaska.net/~erbenson/

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
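
Added example, not part of the original message: a check for the silent stretch described above, where logging stopped while /var was full and the files that filled it were later deleted. The 30-minute threshold, the function names and the sample log lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in traditional syslog format (no year field).
SAMPLE_LOG = """\
Sep  8 17:55:01 host cron[411]: (root) CMD (run-parts /etc/cron.hourly)
Sep  8 17:58:12 host sshd[502]: Accepted password for alice from 192.0.2.10
Sep  8 18:01:40 host kernel: eth0: link up
this line has no timestamp and is skipped
Sep  8 19:47:03 host syslogd: restart
Sep  8 19:50:00 host cron[640]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_timestamp(line, year=2000):
    """Return the datetime of a syslog line, or None if it does not parse.

    Traditional syslog lines carry no year, so the caller supplies one
    (assumption: the whole file falls within a single year).
    """
    try:
        return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None


def find_gaps(lines, max_silence=timedelta(minutes=30), year=2000):
    """Return (last_seen, next_seen, gap) for every silence > max_silence."""
    gaps = []
    previous = None
    for line in lines:
        ts = parse_timestamp(line, year)
        if ts is None:
            continue  # continuation line or garbage: ignore it
        if previous is not None and ts - previous > max_silence:
            gaps.append((previous, ts, ts - previous))
        previous = ts
    return gaps


if __name__ == "__main__":
    for start, end, gap in find_gaps(SAMPLE_LOG.splitlines()):
        print(f"no log entries for {gap} between {start} and {end}")
```

A gap on a host that normally logs every few minutes is worth correlating with disk-usage history for /var, since the files that filled it may already be gone.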


