Local users get to play root?
Seth Vidal
skvidal at fedoraproject.org
Wed Nov 18 19:23:29 UTC 2009
On Wed, 18 Nov 2009, Casey Dahlin wrote:
> On 11/18/2009 02:10 PM, Seth Vidal wrote:
>>
>>
>> On Wed, 18 Nov 2009, Konstantin Ryabitsev wrote:
>>
>>> 2009/11/18 Casey Dahlin <cdahlin at redhat.com>:
>>>> On 11/18/2009 01:22 PM, James Antill wrote:
>>>>>
>>>>> 3. Are there any attacks due to disk space used? Eg. If /var is low² I
>>>>> can probably install enough pkgs to make logging stop.
>>>>>
>>>>
>>>> I'm betting there's still enough systems out there without enough
>>>> space in /usr for the entire package set.
>>>
>>> That's kind of a silly exercise in what-ifs. The default anaconda
>>> partition scheme is /boot, <swap>, and /. If someone wanted to fill up
>>> the disk, they can just write to /tmp on a default install.
>>
>> well - except for the 5% reserved for root :)
>>
>> -sv
>>
>
> Which isn't safe from this since ultimately its root doing the install on the unprivileged user's behalf.
which is why I said the user filling up /tmp couldn't fill up the whole
disk..
-sv
More information about the fedora-devel-list
mailing list