COMMAND

    kernel (quotas)

SYSTEMS AFFECTED

    Linux

PROBLEM

    Michal Zalewski found the following. Any amount of data, overriding
    quotas and kernel resource limits, can be stored in a root-owned +t
    directory (like /tmp) - inside... filenames! It sounds strange, so
    here's an example: hard-links to root-owned files are NOT owned by
    you (so you may create any amount of them). I'm also assuming the
    directory isn't owned by you... And every filename can store over
    100 bytes of data (255 characters). So, to store 1 MB, you need
    about 10000 hardlinks - it isn't such a big number. Stored data
    will be accounted only in directory size, and, as long as this dir
    is root-owned, only root will be charged for it.

    The same problem exists with FIFOs created in root-owned dirs,
    because a FIFO is not treated as a file.

SOLUTION

    Solar Designer's secure-linux-03 patch fixes at least the hard-link
    problems.
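
    An audit check for the condition described under PROBLEM, added here
    as an example (not code from the advisory or from the secure-linux
    patch): it totals the filename bytes held in one directory by
    multiply-linked inodes and by FIFOs, next to the directory's own
    size and owner. The function names, the min_links threshold and the
    sample directory it builds are assumptions constructed for
    illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict

def audit_sticky_dir(path, min_links=3):
    """Total the filename bytes held by multiply-linked inodes and FIFOs in path."""
    dir_st = os.lstat(path)
    per_inode = defaultdict(lambda: {"names": 0, "name_bytes": 0, "uid": None})
    fifo_names = fifo_bytes = 0
    with os.scandir(path) as it:
        for entry in it:
            st = entry.stat(follow_symlinks=False)
            nbytes = len(os.fsencode(entry.name))
            if stat.S_ISFIFO(st.st_mode):
                fifo_names += 1
                fifo_bytes += nbytes
            elif stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                # Group directory entries by the inode they name.
                rec = per_inode[(st.st_dev, st.st_ino)]
                rec["names"] += 1
                rec["name_bytes"] += nbytes
                rec["uid"] = st.st_uid
    # min_links is an assumed threshold: inodes with this many names in one dir.
    suspects = {k: v for k, v in per_inode.items() if v["names"] >= min_links}
    return {
        "sticky": bool(dir_st.st_mode & stat.S_ISVTX),
        "dir_uid": dir_st.st_uid,
        "dir_size": dir_st.st_size,  # where the stored bytes are accounted
        "suspects": suspects,
        "hardlink_name_bytes": sum(v["name_bytes"] for v in suspects.values()),
        "fifo_names": fifo_names,
        "fifo_name_bytes": fifo_bytes,
    }

def build_sample(root):
    """Constructed fixture: one file with 5 extra long-named links, plus 2 FIFOs."""
    os.chmod(root, 0o1777)
    seed = os.path.join(root, "seed")
    open(seed, "w").close()
    for i in range(5):
        os.link(seed, os.path.join(root, f"{i:03d}" + "A" * 197))
    for i in range(2):
        os.mkfifo(os.path.join(root, f"fifo{i}" + "B" * 95))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(audit_sticky_dir(build_sample(d)))
```

    On a real +t directory the "uid" field of each suspect shows who
    owns the linked inode, which is the account charged for nothing
    beyond the original file.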