Re: security implications (was Re: Proposal: restrict link(2))

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Greg Alexander: "Re: Proposal: restrict link(2)"
• Previous message: Jered Floyd: "Re: Reproducible SMP/SCSI Hangs under 2.0.xx"
• In reply to: Jeff Gehlbach: "Re: linux support for mac fs??"

>
> > So what have I learned:
> > o /tmp and /home and /usr should be on different partitions
> If you can manage it. You'd likely want to make /home separate to save
> hassle when upgrading/re-installing the system. /tmp being on its own
> filesystem can prevent some denial of service attacks.

Talking about denial of service attacks using /tmp; we did it to
ourselves accidentally on a SunOS machine. We ran Adobe Distiller on a
PostScript file that had 100,000 pages. We noticed sometime the next day
that the machine had slowed to a crawl.

It turns out that Distiller was creating a file in /tmp for every page
processed. We had about 100,000 zero length files in /tmp. Under SunOS,
directories never shrink, so we had to remake the file system to get back
normal performance.

I suppose we could have avoided the mkfs if we had:
# mount /dev/sd4e /.tmpfs
# mkdir /.tmpfs/tmp
# ln -s /.tmpfs/tmp /tmp

Then we could have just created a new directory in /.tmpfs and pointed
the symlink at the new directory.

I have not bothered to check if ext2fs shrinks directories, maybe this
"technique" would work on Linux too.

- Dave

• Next message: Greg Alexander: "Re: Proposal: restrict link(2)"
• Previous message: Jered Floyd: "Re: Reproducible SMP/SCSI Hangs under 2.0.xx"
• In reply to: Jeff Gehlbach: "Re: linux support for mac fs??"