[Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems

vb_at_dontpanic.ulm.ccc.de
Date: 11/25/03

    To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
    Date: Tue, 25 Nov 2003 13:32:44 +0100

    On Mon, Nov 24, 2003 at 05:36:29PM +0100, Jakob Lell wrote:
    > to another user. This hard link continues to exist even if the original file
    > is removed by the owner. However, as the link still belongs to the original
    > owner, it is still counted to his quota. If a malicious user creates hard
    > links for every temp file created by another user, this can make the victim
    > run out of quota (or even fill up the hard disk). This makes a local DoS
    > attack possible.

    Every *NIX filesystem has such links.

    I cannot see a DoS attack with that fact, because a user will address
    his sysadmin with that problem. And the BOFH^Wsysadmin will then wag
    a finger. The "attacker" has to be a local user also.

    Of course, that is a design flaw which is there because of the fact
    that quotas were not implemented in the first UNIX filesystem versions.

    > Furthermore, users can even create links to a setuid binary. If there is a
    > security hole like a buffer overflow in any setuid binary, a cracker can
    > create a hard link to this file in his home directory. This link still exists
    > when the administrator has fixed the security hole by removing or replacing
    > the insecure program. This makes it possible for a cracker to keep a security
    > hole open until an exploit is available. It is even possible to create links
    > to every setuid program on the system. This doesn't create new security
    > holes but makes it more likely that they are exploited.

    No.

    Only a beginner would ignore the link count for a file when removing it
    for security reasons. Every *NIX admin with basic knowledge of UNIX or
    Linux will not ignore it.

    > I could reproduce the problem on Linux 2.2.19 and 2.4.21 (and found nothing
    > about it in the changelogs to 2.4.23-rc3). If you can check whether this
    > problem also exists on other unix-like operating systems, please post the
    > results.

    This "problem" exists with all *NIX systems I know, but it is not
    a big problem.

    VB.

    -- 
    Volker Birk, Postfach 1540, 88334 Bad Waldsee, Germany
    Phone +49 (7524) 912142, Fax +49 (7524) 996807, dingens@bumens.org
    http://fdik.org, Deutsches IRCNet fdik!~c_vbirk@wega.rz.uni-ulm.de
    PGP-Key: http://www.x-pie.de/vb.asc
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
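The check Volker describes, not ignoring the link count before removing a binary, as an added example that is not part of the thread. It assumes a Linux box with GNU coreutils (`stat -c`) and a `find` that understands `-samefile`; the directory names and the "setuid binary" are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original posts. Before removing a file for
# security reasons, look at its link count and locate every other directory
# entry that shares its inode: rm only drops one name, the data (and the
# setuid mode) survive under any other name.
# Assumes GNU stat (-c %h) and find with -samefile, as on Linux.

# Number of directory entries (hard links) referencing FILE's inode.
link_count() {
    stat -c %h "$1"
}

# Every path below ROOT that shares FILE's inode. -xdev keeps the search on
# one filesystem, which is enough: hard links cannot cross filesystems.
find_aliases() {
    find "$2" -xdev -samefile "$1" 2>/dev/null
}

# Remove FILE only if it is the sole name for its inode. Otherwise list the
# other names on stderr so they can be removed too, and return 1.
safe_remove() {
    f=$1; root=$2
    n=$(link_count "$f")
    if [ "$n" -gt 1 ]; then
        echo "refusing: $f has $n links; other names:" >&2
        find_aliases "$f" "$root" | grep -vx "$f" >&2
        return 1
    fi
    rm -f "$f"
}

# Constructed demo: a "setuid program" in bin/ and a hard link to it made
# from another user's home, as in the thread. Prints "<links before> <rc>".
demo() {
    d=$(mktemp -d)
    mkdir "$d/bin" "$d/home"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/vulnprog"
    chmod 4755 "$d/bin/vulnprog"          # setuid bit on the original
    ln "$d/bin/vulnprog" "$d/home/keep"   # second name: same inode, same mode
    before=$(link_count "$d/bin/vulnprog")
    safe_remove "$d/bin/vulnprog" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    echo "$before $rc"
}
```

Running `demo` prints `2 1`: the original has two names, so `safe_remove` refuses and reports `home/keep`, which is exactly the entry an admin has to find and delete as well.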
    
