nordi wrote:
| John Richard Moser wrote:
|
|> | > For /tmp, use a tmpfs:
|> | [...]
|> | > I use a 2G tmpfs with a 2G swap and 768M physical ram.
|> | Which will make it easy to overload your machine if you don't use quotas
|> | + a specifically hardened kernel. A local attacker can fill up your 2GB
|>
|> Ok local attacker loses his account and gets fired. Still no chance of
|> lamers coming in from the web server.
|
| Assume you have a file owned by root called /tmp/foo. Now user bob comes
| and does "ln /tmp/foo /tmp/bar". Then the hardlink /tmp/bar will be
| owned by root and you will _never_ know who did it unless you do syscall
| logging (which I doubt).
|

So what are you doing running a server where local users are allowed to
create hardlinks to root-owned files in /tmp anyway? ;)

| Keep creating hardlinks until /tmp runs out of space or out of inodes.

nr_inodes= is your friend.

| Ext2/3 allow ~65000 hardlinks per file, ReiserFS allows ~2 billion, so
| flooding /tmp isn't a problem. Quotas don't help either since the
| attacker doesn't own the file. The only thing that helps are special
| hardening patches (OpenWall, GRSec) or special permission patches
| (SELinux, RSBAC), but not everybody uses them.
|
| This attack can be truly annoying since it fills up /tmp and may keep
| Apache from working. But with your setup (/tmp on tmpfs) it will bring
| the server to a grinding halt where you can't even login remotely to fix
| the server (assuming you don't have physical access).
|
| nordi
|

You raise interesting points. We should clip these issues off at the source.
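
A defender-side check for the hard-link buildup discussed in this thread, as an added example that is not part of the original messages: it finds names in a directory that are extra hard links to files owned by a given user and reports whether the kernel's fs.protected_hardlinks restriction is enabled. The function names and the nr_inodes value in the comment are assumptions; size=2G is the tmpfs size mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
#
# Capped tmpfs for /tmp, /etc/fstab form. size=2G is the figure from the
# thread; nr_inodes=100k is a constructed sample value:
#   tmpfs  /tmp  tmpfs  size=2G,nr_inodes=100k,nosuid,nodev,mode=1777  0 0

# linked_paths DIR OWNER
# Print every name under DIR (same filesystem only) that refers to a regular
# file owned by OWNER with a link count above 1. OWNER may be a user name or
# a numeric uid. For the /tmp/foo case in the thread: linked_paths /tmp root
linked_paths() {
    find "$1" -xdev -type f -links +1 -user "$2" 2>/dev/null
}

# linked_count DIR OWNER
# Count those names. One byte is emitted per match, so file names that
# contain newlines cannot skew the total.
linked_count() {
    find "$1" -xdev -type f -links +1 -user "$2" -exec printf . \; 2>/dev/null |
        wc -c | tr -d ' '
}

# hardlink_protection
# Print the fs.protected_hardlinks sysctl: 1 means users may only hard-link
# files they own or can read and write, 0 means unrestricted, "unknown"
# means the kernel does not expose the setting (it predates Linux 3.6).
hardlink_protection() {
    f=/proc/sys/fs/protected_hardlinks
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo unknown
    fi
}

# Typical use from cron or a monitoring agent:
#   n=$(linked_count /tmp root)
#   [ "$n" -gt 0 ] && linked_paths /tmp root
```

A non-zero count for root in /tmp is the condition nordi describes: the link count shows that extra names exist, but not which user created them.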