Re: inode->i_count security hole

James Mastros (root@jennifer-unix.dyn.ml.org)
Mon, 12 Jan 1998 15:22:45 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lamaste Storken: "Re: devfs"
Previous message: Adam D. Bradley: "Re: devfs patch v4"

On Mon, 12 Jan 1998, Bill Hawes wrote:
> Chris Evans wrote:
> > I've read about the recently discovered inode counting security hole
> > (ugh). Perhaps its worth a quick audit to see what other counters
> > malicious users could overflow....??
>
> For those of us who haven't heard of this, could you summarize the
> problem with inode counting?

Make a whole bunch of hardlinks to the same file... after you overflow
inode.i_count, Bad Stuff starts to happen.

-=- James Mastros

-- Agent K: A person is smart; people are dumb, panicky animals and you know it. Fifteen hundred years ago, everybody knew that the Earth was the center of the Universe. Five hundred years ago, everybody knew that the Earth was flat. Fifteen minutes ago, you knew that humans were alone on this planet. Just think what you'll know tomorrow.

-=- Men In Black (1997, Paramount)

Next message: Lamaste Storken: "Re: devfs"
Previous message: Adam D. Bradley: "Re: devfs patch v4"