Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

linuxfs.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

Linux root-owned directories allow data storage via hard-links, bypassing quotas and limits.

Code
`  
[ http://www.rootshell.com/ ]  
  
Date: Sun, 5 Jul 1998 10:12:43 +0200  
From: Michal Zalewski <[email protected]>  
Subject: Linux kernel filesystem oddities  
  
-----BEGIN PGP SIGNED MESSAGE-----  
  
Any amount of data, overriding quotas and kernel resource limits, can be  
stored in root-owned +t directory (like /tmp) - inside... filenames!  
It sounds strange, so here's an example: hard-links to root-owned files  
are NOT owned by you (so you may create any amount of them). I'm assuming  
directory isn't owned by you, also... And every filename can store over  
100 bytes of data (255 characters). So, to store 1 MB, you need about 10000  
hardlinks - it isn't such a big number. Stored data will be accounted only  
in directory size, and, as long as this dir is root-owned, only root will be  
charged for it.  
  
Ah, the same problems are with FIFOs created in root-owned dirs, because  
FIFO is not treated as file.  
  
To Alan: You might not argue with me, but I think there's something wrong with  
Linux philosophy, if any user is able to bypass kernel file limits and quotas.  
But it seems to be hard to fix. FIFO (and maybe other 'non-file' objects) should  
be probably treated as ordinary file when calculating quota. But there will be  
problem with hard-links - creator of this object is not saved anywhere, and  
his UID might be not equal to owner UID - so we can't determine who is  
'responsible', and who should be accounted for it. Btw. it causes also other problems:  
luser can create hard-link to other user's file and move it to +t directory, but  
he will be unable to delete or move it back from this directory, because he isn't  
an owner.  
  
PS. Solar Designer's secure-linux-03 patch fixes at least hard-link  
problems.  
  
_______________________________________________________________________  
Michal Zalewski [[email protected]] <= finger for pub PGP key  
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]  
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]  
  
-----BEGIN PGP SIGNATURE-----  
Version: PGPfreeware 5.0i for non-commercial use  
Charset: noconv  
  
iQCVAwUBNZ81L5ZGvqO8h0ppAQHqKwP/SDh9Yc74qypHrzdbQ7m+us9v5Blts67o  
KEya466w2QMt2seI8UISQxI5mL/aadvRfX2Xq0cLBDRsbPh2kIE7ARQiaAOHPpqR  
WSL35XagUD6IIg4NFOYWg7sm8uo9RhCiETQeMW4pcgDOhIDa2SsoFmd3fWzLfeWX  
Z16J+goEyCc=  
=GRMz  
-----END PGP SIGNATURE-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
linux kernel issuesfilesystem odditiesroot directorieshard-linksdata storagequota bypass.
21