[Bug 214665] security bug:using "truncate" bypass disk quotas limit - bugzilla-daemon

From: bugzilla-daemon@bugzilla.kernel.org
To: linux-ext4@vger.kernel.org
Subject: [Bug 214665] security bug:using "truncate" bypass disk quotas limit
Date: Mon, 11 Oct 2021 06:24:56 +0000	[thread overview]
Message-ID: <bug-214665-13602-ScDAd49LNn@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-214665-13602@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=214665

leveryd (1157599735@qq.com) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #2 from leveryd (1157599735@qq.com) ---
i know `truncate` file does not task up disk space, but i still think it has
some "design" problem about security.

* why i still think it has some problem?

  because developer will trust "quota limit" very likely, so they will not
check the file is "truncate file" or not before they do some operation on file.

  for example(assume a scenario): developer limit every ftp user's disk space
by using "disk quotas", and there is a crontab job which will backup ftp user's
files every day. if this crontab job does not check "truncate file" exist or
not and then backup using "tar" or "zip" compress command, then when a
malicious user create a file using `truncate -s 100G id`, after compress this
special "truncate file`, the machine disk space will be consumed more than 100G
actually.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.