[clue-tech] Filesystem quotas circumvented
David Anselmi
anselmi at anselmi.us
Tue Jan 18 17:26:18 MST 2005
Angelo Bertolli wrote:
> So today I tried to do this (as user angelo):
>
> cd /
> sudo ls -lhRt > ~/lsr
>
> And of course it starts accumulating... but somehow it was able to get
> beyond the hard quota limit:

Basically the redirect is done before sudo runs and root isn't
restricted by your quota.

Bash runs a simple command (like sudo above) in an execution environment
that consists of "the shell's open files, plus any modifications and
additions specified by redirections to the command" (see bash(1)).

Probably the whole process goes like this:

  - bash forks
  - the child shell closes stdout and opens ~/lsr for writing on fd 2
    (which truncates or creates the file as needed)
  - the child shell execs sudo which changes to UID 0 and execs ls

So the file gets created as you (which can be a pain but isn't the
problem here). But then you have root writing into your file. Does
your quota apply to what root does? Apparently not (no surprise). But
the quota is system wide, right? So after you've created this file you
won't be able to create or append to any more.

Dave
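
Added example, not part of the original message: a small C program that performs the fork, open, exec sequence described above, so the ordering can be checked directly. It uses echo as an unprivileged stand-in for sudo; the function names and the /tmp path are made up for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv the way a shell runs `cmd > path`; returns exit status or -1. */
int run_redirected(const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child, still running with the caller's UID: open the target first. */
        int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
        if (fd < 0)
            _exit(126);
        /* Make it stdout (file descriptor 1); the exec'd program inherits it. */
        if (dup2(fd, STDOUT_FILENO) < 0)
            _exit(126);
        if (fd != STDOUT_FILENO)
            close(fd);
        execvp(argv[0], argv);
        _exit(127);   /* exec failed, but the file has already been created */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns 1 if path is owned by the calling user, 0 if not, -1 on error. */
int owned_by_caller(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return st.st_uid == getuid();
}

int main(void)
{
    const char *out = "/tmp/redirect_demo.out";   /* constructed path */
    char *cmd[] = { "echo", "written by the exec'd program", NULL };
    int rc = run_redirected(out, cmd);
    printf("exit=%d owned_by_caller=%d\n", rc, owned_by_caller(out));
    return 0;
}
```

With sudo as the exec'd program the result is the same file, created and owned by the caller, with a UID 0 process writing through the inherited descriptor.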