In the last episode (Apr 08), Kurt J. Lidl said: > On Mon, Apr 08, 2002 at 11:41:44AM -0700, Michael Smith wrote: > > You could also use this technique to maliciously exhaust a user's > > quota, by linking to their temporary files. I'm not sure what the > > standards have to say about this, but I don't much like the current > > behaviour. > > The truely paranoid ftruncate the file size to zero if the link count > is larger than one.
.. or even if isn't, as someone might link it just before you delete it. An attacker can still exhaust your inode quota with 0-length files. I wonder if there is any reason to allow arbitrary hardlinking; maybe only allow linking of files you currently have read access to? Only files that you own? Only allow root to hardlink? How paranoid do you want to be? :) It could always be another sysctl knob. -- Dan Nelson [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message