CAN-2001-1551

From: Florian Weimer
Date: Sun Sep 18 2005 - 04:13:28 EST

Next message: Russell King: "p = kmalloc(sizeof(*p), )"
Previous message: bert hubert: "Re: Segfaults in mkdir under high load. Software or hardware?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Has this issue been fixed? Or is this not a kernel bug?

| From: Wojciech Purczyñski (wpsupermedia.pl)
| Date: Mon Oct 22 2001 - 03:43:13 CDT
|
| Almost any suid binary may be used to create large files overriding quota
| limits.
|
| When setuid-root binary inherits file descriptors from user process it may
| write to it without respecting the quota restrictions. This is because
| suid process has CAP_SYS_RESOURCE effective capability enabled during
| writing to the file. Quota does not know anything about who opened file
| descriptor and checks current process privileges only. This is bug in
| kernel and not in those setuid-root binaries.

<http://archives.neohapsis.com/archives/bugtraq/2001-10/0179.html>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russell King: "p = kmalloc(sizeof(*p), )"
Previous message: bert hubert: "Re: Segfaults in mkdir under high load. Software or hardware?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]