Re: [RFC] ext2 and ext3 block reservations can be bypassed

Elladan (elladan@eskimo.com)
Sun, 12 May 2002 11:37:30 -0700

On Sun, May 12, 2002 at 02:15:12PM -0400, Alexander Viro wrote:
>
> On Sun, 12 May 2002, Elladan wrote:
> >
> > It just happens that the suid program wasn't the one who chose what file
> > it was going to write stdout to - the shell did.
> >
> > Thus, the security violation.
>
> <shrug> relying on 5% in security-sensitive setup is *dumb*.
> In that case you need properly set quota (better yet, no lusers with write
> access anywhere on that fs)..
>
> There are worse holes problems 5% rule. E.g. you can create a
> file with hole, mmap over that hole, dirty the pages and exit. Guess
> who ends up writing them out? Right, kswapd. Which is run as root.
> No suid applications required...

Regardless of whether it's a good thing to depend on security-wise, it
is a problem to have something that appears to be a security feature
which doesn't actually work.

Reading the documentation, I would expect that if I create an ext3
filesystem, reserve 20% of it for root, and then run a cron job as root
that uses 16% of that filesystem periodically, that cron job will not
actually fail whenever some luser decides they want it to.

I don't recall seeing it plastered in huge letters, "This space reserve
is just a convenience feature, and can easily be circumvented by the
user. You must never rely on it for anything."

Having unsupported security features is typically a bad idea.

-J
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/