Re: /dev on Ramdisk cause panic?

ganesh@cse.iitb.ernet.in
Wed, 26 Mar 1997 04:22:07 +0530 (IST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Simon Shapiro: "Re: Sharing SCSI disks"
Previous message: James L. McGill: "Re: >256 fd patch..."

thoth@purplefrog.com wrote:
> Yes. Those of you who weren't paying attention wake up and read what the
> man said. The inode may be totally unlinked, but as long as there's a file
> descriptor using it, it's still there (but I don't know of any way to link it
> back into the filesystem). There are a handful of techniques used in security
> breaching attacks that use this fact to their advantage.

I don't know how to link it back to the filesystem ... but one thing which
can be done is cp /proc/<pid-of-process-with-open-file>/fd/<fd> foo
May not be relevant to security, but it's useful in some cases e.g. if you
accidentally delete the file you've been ftp'ing while the ftp is in
progress.

-- ganesh

Next message: Simon Shapiro: "Re: Sharing SCSI disks"
Previous message: James L. McGill: "Re: >256 fd patch..."