Re: hard links on Linux create local DoS vulnerability and security problems

• Previous message: Andrea Barisani: "GLSA: phpsysinfo (200311-06)"
• In reply to: Jakob Lell: "hard links on Linux create local DoS vulnerability and security problems"
• Next in thread: Bruno Lustosa: "Re: hard links on Linux create local DoS vulnerability and security problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 24 Nov 2003 12:20:50 -0600
To: Jakob Lell <jlell@jakoblell.de>

On Mon, Nov 24, 2003 at 05:36:29PM +0100, Jakob Lell wrote:
> Hello,
> on Linux it is possible for any user to create a hard link to a file belonging
> to another user. This hard link continues to exist even if the original file
> is removed by the owner. However, as the link still belongs to the original
> owner, it is still counted to his quota. If a malicious user creates hard
> links for every temp file created by another user, this can make the victim
> run out of quota (or even fill up the hard disk). This makes a local DoS
> attack possible.

Hard links can only be created on the same device (i.e., you can't create
a hardlink to a file residing on a different partition). This in itself
will prevent any type of attack. Anybody who uses the same partition for
/home and / on a production multi-user system is asking for trouble.

As for users creating hardlinks to other users' files, a simple find -uid
will locate any offending files for quota purposes. If there's a concern
about users reading other users' files, well that's what permission modes
are for.

It is also notable, that Linux behaves identically to Solaris in this regard.
Not that Solaris is perfect, but it's been in use long enough that if current
security was inadequate this would have been dealt with some time ago.

-- 
Brian Bennett
bahamat@digitalelf.net
http://digitalelf.net/
It is undignified for a woman to play servant to a man who is not hers.
                -- Spock, "Amok Time", stardate 3372.7

• application/pgp-signature attachment: Digital signature

• Previous message: Andrea Barisani: "GLSA: phpsysinfo (200311-06)"
• In reply to: Jakob Lell: "hard links on Linux create local DoS vulnerability and security problems"
• Next in thread: Bruno Lustosa: "Re: hard links on Linux create local DoS vulnerability and security problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [SLE] preserving files creation time ... I'm not sure if I can provide the answer directly, but a Linux (and Unix) ... create an additional hard link to a file, ctime will change. ... This is a hard link to the current directory. ... (SuSE) Re: hard links create local DoS vulnerability and security problems ... | on Linux it is possible for any user to create a hard link to a file belonging ... This hard link continues to exist even if the original file ... | when the administrator has fixed the security whole by removing or replacing ... be addressed in SE Linux or somewhere. ... (Linux-Kernel) Re: Puzzled by mmap behavior ... I think Linux share much with Unix, ... hard link (directory entry) is made to the file, ... A file is only removed when the reference count goes to zero, ... (comp.unix.programmer) Re: files refused to delete ... use ls -lo to see if there are any special flags set on the file. ... How did you delete if from linux? ... >but the fsck created a hard link to them in lost+found and this hard ... (freebsd-hackers) Re: hard links on Linux create local DoS vulnerability and security problems ... > on Linux it is possible for any user to create a hard link to a file belonging ... This hard link continues to exist even if the original file ... > run out of quota. ... that Linux behaves identically to Solaris in this regard. ... (Full-Disclosure)