[Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
jeremiah at nur.net
Wed Nov 26 22:18:56 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Monday 24 November 2003 10:17, Steven Leikeim wrote:
> There is a simpler solution. Place user files on a separate filesystem
> from system files. This includes putting all temporary files on separate
> filesystems of their own. (Both /tmp and /var/tmp.) Since hard links
> cannot cross filesystems the problem disappears. Mounting user filesystems
> nosuid and nodev will prevent security problems should a setuid binary
> appear in that filesystem.
And a mandatory system profile in /etc , which aliases ln as 'ln -s' might
help. One for each valid shell.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure is hosted and sponsored by Secunia.