also sprach Mark-Walter@t-online.de <Mark-Walter@t-online.de> [2004.10.30.1735 +0200]: > I'am interested to obtain information how an unsecure usage of the > directory /tmp is to be avoided within a project which is called > symlink attack. In a symlink attack, an attacker creates a symlink, e.g. /tmp/myapp.tmp > /etc/shadow, causing either /etc/shadow to be truncated (DoS attack), or giving the attacker leighway to make the application (which must run as root) overwrite the root password in the shadow file (e.g. with a buffer overflow or another weakness in myapp.tmp). One way to prevent this is to use O_NOFOLLOW in the open(2) call. However, this is not POSIX. See `man 2 open` for more info. > Especially I'am interested if it's a difference to have quota > deactivated and a user is filling your hardisk to the limit, or > not. That has very little to do with symlink attacks. If a user fills the harddisk (or sets the max file limit to 0), processes opening files for reading are likely going to destroy the contents as there is not enough space available to write back the modified copy after reading it. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature