Vigil@nce - Linux kernel: bypassing quota on ext4
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
On an ext4 filesystem, a local attacker can use the
posix_fallocate() function, in order to create a file larger than
the defined limit.
Severity: 1/4
Creation date: 01/06/2010
DESCRIPTION OF THE VULNERABILITY
The RLIMIT_FSIZE limit, defined via "ulimit -f", indicates the
maximal size of a file.
The posix_fallocate() system call is used to ensure there is
sufficient free space on the file system to write to a file:
int posix_fallocate(int fd, off_t offset, off_t len);
The ext4_fallocate() function of the fs/ext4/extents.c file
defines posix_fallocate() for an ext4 filesystem. However, this
function does not honor RLIMIT_FSIZE.
On an ext4 filesystem, a local attacker can therefore use the
posix_fallocate() function, in order to create a file larger than
the defined limit.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-bypassing-quota-on-ext4-9678