John Richard Moser wrote:
| > For /tmp, use a tmpfs:
| [...]
| > I use a 2G tmpfs with a 2G swap and 768M physical ram.
| Which will make it easy to overload your machine if you don't use quotas
| + a specifically hardened kernel. A local attacker can fill up your 2GB
Ok local attacker loses his account and gets fired. Still no chance of lamers coming in from the web server.
Assume you have a file owned by root called /tmp/foo. Now user bob comes and does "ln /tmp/foo /tmp/bar". Then the hardlink /tmp/bar will be owned by root and you will _never_ know who did it unless you do syscall logging (which I doubt). Keep creating hardlinks until /tmp runs out of space or out of inodes. Ext2/3 allow ~65000 hardlinks per file, ReiserFS allows ~2 billion, so flooding /tmp isn't a problem. Quotas don't help either since the attacker doesn't own the file.

The only things that help are special hardening patches (OpenWall, GRSec) or special permission patches (SELinux, RSBAC), but not everybody uses them.

This attack can be truly annoying since it fills up /tmp and may keep Apache from working. But with your setup (/tmp on tmpfs) it will bring the server to a grinding halt where you can't even log in remotely to fix the server (assuming you don't have physical access).

nordi
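An added example, not part of the original thread: a Python audit an administrator could run over /tmp to spot the condition described above, namely inodes with unusually many hard links, together with inode consumption on that filesystem. The function names are hypothetical; the `fs.protected_hardlinks` check refers to a sysctl in mainline Linux 3.6 and later, which the post does not mention.

```python
import os
import stat
from collections import defaultdict


def audit_hardlinks(directory, min_links=2):
    """List regular-file inodes under `directory` with st_nlink >= min_links."""
    names = defaultdict(list)
    info = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished between listing and stat
            if stat.S_ISREG(st.st_mode) and st.st_nlink >= min_links:
                key = (st.st_dev, st.st_ino)
                names[key].append(path)
                info[key] = st
    # owner_uid is the owner of the file, not of whoever created the link,
    # which is why ownership and quotas say nothing about the link's creator.
    report = [
        {"inode": key[1], "owner_uid": st.st_uid, "nlink": st.st_nlink,
         "names_here": sorted(names[key])}
        for key, st in info.items()
    ]
    return sorted(report, key=lambda r: r["nlink"], reverse=True)


def inode_usage(directory):
    """Fraction of inodes in use on the filesystem, or None if not reported."""
    vfs = os.statvfs(directory)
    if vfs.f_files == 0:
        return None
    return (vfs.f_files - vfs.f_ffree) / vfs.f_files


def protected_hardlinks():
    """True/False for the fs.protected_hardlinks sysctl, None if absent."""
    try:
        with open("/proc/sys/fs/protected_hardlinks") as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


if __name__ == "__main__":
    for entry in audit_hardlinks("/tmp"):
        print(entry)
    print("inode usage:", inode_usage("/tmp"))
    print("protected_hardlinks:", protected_hardlinks())
```

An `nlink` value larger than the number of entries in `names_here` means further links to that inode exist outside the scanned directory.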