[Bug 116803] Re: ReiserFS filename hash collision causing DoS
Kees Cook
kees at ubuntu.com
Fri May 25 22:55:22 UTC 2007
Thanks for taking the time to report this bug and helping to make Ubuntu
better. I have unmarked it as a security issue since this bug does not
show evidence of allowing attackers to cross privilege boundaries nor
directly cause loss of data/privacy.
While this is an ugly bug, it can't be used to make world-writable
directories less secure. Resource DoS's in temporary file areas is
already possible if an attacker knows the filename being opened (which
is why using mkstemp() is so important). For a hash colllision, this
requirement is still true. Hitting this bug is like having another user
fill up the entire /tmp partition: a user is suddenly unable to make
temp files.
Please feel free to report any other bugs you may find.
** Changed in: linux-meta (Ubuntu)
Importance: Undecided => Low
Status: Unconfirmed => Confirmed
** Visibility changed to: Public
** This bug is no longer flagged as a security issue
--
ReiserFS filename hash collision causing DoS
https://bugs.launchpad.net/bugs/116803
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-meta in ubuntu.
More information about the kernel-bugs
mailing list