Re: [suse-security] SuSE webserver
| John Richard Moser wrote:
|> | > For /tmp, use a tmpfs:
|> | [...]
|> | > I use a 2G tmpfs with a 2G swap and 768M physical ram.
|> | Which will make it easy to overload your machine if you don't use
|> | + a specifically hardened kernel. A local attacker can fill up your 2GB
|> Ok local attacker loses his account and gets fired. Still no chance of
|> lamers coming in from the web server.
| Assume you have a file owned by root called /tmp/foo. Now user bob comes
| and does "ln /tmp/foo /tmp/bar". Then the hardlink /tmp/bar will be
| owned by root and you will _never_ know who did it unless you do syscall
| logging (which I doubt).
So what are you doing running a server where local users are allowed to
create hardlinks to root-owned files in /tmp anyway? ;)
| Keep creating hardlinks until /tmp runs out of space or out of inodes.
nr_inodes= is your friend.
| Ext2/3 allow ~65000 hardlinks per file, ReiserFS allows ~2billion, so
| flooding /tmp isn't a problem. Quotas don't help either since the
| attacker doesn't own the file. The only thing that helps are special
| hardening patches (OpenWall, GRSec) or special permission patches
| (SELinux, RSBAC), but not everybody uses them.
| This attack can be truly annoying since it fills up /tmp and may keep
| Apache from working. But with your setup (/tmp on tmpfs) it will bring
| the server to a grinding halt where you can't even login remotely to fix
| the server (assuming you don't have physical access).
You raise interesting points. We should clip these issues off at the
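A defender-side check for the two points raised in this thread, added here as an example and not code from any of the participants: it flags tmpfs mounts that do not set `size=` or `nr_inodes=` explicitly (so the kernel default applies) and lists regular files under a directory whose link count is above 1. The function names and the sample mount table are constructed for illustration.

```python
import os
import stat
from collections import defaultdict

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext3 rw 0 0
tmpfs /tmp tmpfs rw,size=2097152k 0 0
tmpfs /dev/shm tmpfs rw,size=262144k,nr_inodes=65536 0 0
"""

def tmpfs_missing_limits(mounts_text, required=("size", "nr_inodes")):
    """Return {mountpoint: [options not set explicitly]} for tmpfs mounts."""
    findings = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "tmpfs":
            continue
        opts = {o.split("=", 1)[0] for o in fields[3].split(",")}
        missing = [r for r in required if r not in opts]
        if missing:
            findings[fields[1]] = missing
    return findings

def multiply_linked_files(root):
    """Return {(dev, inode): (owner_uid, nlink, [paths])} for regular files
    under root whose link count is above 1."""
    found = defaultdict(list)
    meta = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished between listing and stat
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                key = (st.st_dev, st.st_ino)
                found[key].append(path)
                meta[key] = (st.st_uid, st.st_nlink)
    return {k: (*meta[k], sorted(v)) for k, v in found.items()}

if __name__ == "__main__":
    print(tmpfs_missing_limits(SAMPLE_MOUNTS))
    for uid, nlink, paths in multiply_linked_files("/tmp").values():
        print(f"uid={uid} nlink={nlink} {paths}")
```

The reported uid is the owner of the inode, not the user who created the extra link, which matches the point made in the quoted message. If nlink exceeds the number of paths listed, further links exist outside the scanned directory.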