[clue-tech] Filesystem quotas circumvented
Angelo Bertolli
angelo at freeshell.org
Tue Jan 18 21:13:32 MST 2005
David Anselmi wrote:
> Angelo Bertolli wrote:
>
>> So today I tried to do this (as user angelo):
>>
>> cd /
>> sudo ls -lhRt > ~/lsr
>>
>> And of course it starts accumulating... but somehow it was able to
>> get beyond the hard quota limit:
>
>
> Basically the redirect is done before sudo runs and root isn't
> restricted by your quota.
>
> Bash runs a simple command (like sudo above) in an execution
> environment that consists of "the shell's open files, plus any
> modifications and additions specified by redirections to the command"
> (see bash(1)).
>
> Probably the whole process goes like this:
>
> bash forks
>
> the child shell closes stdout and opens ~/lsr for writing on fd 2
> (which truncates or creates the file as needed)
>
> the child shell execs sudo which changes to UID 0 and execs ls
>
> So the file gets created as you (which can be a pain but isn't the
> problem here). But then you have root writing into your file. Does
> your quota apply to what root does? Apparently not (no surprise).
> But the quota is system wide, right? So after you've created this
> file you won't be able to create or append to any more.
>
No, I won't be able to append to any more as angelo without using 'sudo'
in the same manner. So would you say that the reason why
`sudo yes > /root/tmp` doesn't work is because the child process can't
initially open the file?
Angelo
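
An added illustration, not part of the original messages: the sequence David describes (the shell opens the redirect target, then execs the command, which inherits the descriptor) can be observed without sudo. The function names and temporary paths are constructed for the demo, and a missing directory stands in for the unwritable /root/tmp.

```shell
#!/bin/sh
# Added illustration. Function names and temp paths are constructed for the demo.

# 1. The calling shell opens the redirect target before the command starts.
#    If that open fails, the command never runs (the `sudo yes > /root/tmp` case).
redirect_fails_before_command_runs() {
    work=$(mktemp -d) || return 2
    # "$work/missing" does not exist, so the shell's open fails, standing in
    # for the permission failure an unprivileged shell gets on /root/tmp.
    ( sh -c ': > "$0/ran"' "$work" > "$work/missing/out" ) 2>/dev/null
    status=$?
    result=1
    [ "$status" -ne 0 ] && [ ! -e "$work/ran" ] && result=0
    rm -rf "$work"
    return "$result"
}

# 2. The file is created by the shell under the caller's uid, even when the
#    command itself cannot be executed at all.
file_is_created_by_the_shell() {
    work=$(mktemp -d) || return 2
    ( /nonexistent/command > "$work/out" ) 2>/dev/null
    owner=$(ls -ln "$work/out" | awk '{print $3}')
    result=1
    [ -f "$work/out" ] && [ "$owner" = "$(id -u)" ] && result=0
    rm -rf "$work"
    return "$result"
}

# 3. The command writes through the descriptor it inherited and never reopens
#    the file: access is checked at open time, not on each write.
inherited_fd_needs_no_reopen() {
    work=$(mktemp -d) || return 2
    f="$work/out"
    ( sh -c 'chmod 000 "$0"; echo written' "$f" > "$f" )
    chmod 600 "$f"
    content=$(cat "$f")
    rm -rf "$work"
    [ "$content" = "written" ]
}

for check in redirect_fails_before_command_runs file_is_created_by_the_shell \
             inherited_fd_needs_no_reopen; do
    if "$check"; then echo "ok   $check"; else echo "FAIL $check"; fi
done
```

To keep the writes under the user's own identity, pipe the privileged command into an unprivileged writer, as in `sudo ls -lhRt | cat > ~/lsr`; the process doing the writes then runs as the user rather than as root.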