Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: General :: linuxfs.txt

users can override quotas and kernel resource limits by storing data inside filenames.

[ ]

Date:         Sun, 5 Jul 1998 10:12:43 +0200
From:         Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
Subject:      Linux kernel filesystem oddities


Any amount of data, overriding quotas and kernel resource limits, can be
stored in root-owned +t directory (like /tmp) - inside... filenames!
It sounds strange, so here's an example: hard-links to root-owned files
are NOT owned by you (so you may create any amount of them). I'm assuming
directory isn't owned by you, also... And every filename can store over
100 bytes of data (255 characters). So, to store 1 MB, you need about 10000
hardlinks - it isn't such a big number. Stored data will be accounted only
in directory size, and, as long as this dir is root-owned, only root will be
charged for it.

Ah, the same problems are with FIFOs created in root-owned dirs, because
FIFO is not treated as file.

To Alan: You might not argue with me, but I think there's something wrong with
Linux philosophy, if any user is able to bypass kernel file limits and quotas.
But it seems to be hard to fix. FIFO (and maybe other 'non-file' objects) should
be probably treated as ordinary file when calculating quota. But there will be
problem with hard-links - creator of this object is not saved anywhere, and
his UID might be not equal to owner UID - so we can't determine who is
'responsible', and who should be accounted for it. Btw. it causes also other problems:
luser can create hard-link to other user's file and move it to +t directory, but
he will be unable to delete or move it back from this directory, because he isn't
an owner.

PS. Solar Designer's secure-linux-03 patch fixes at least hard-link

Michal Zalewski [] <= finger for pub PGP key
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]

Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH