Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1995/08/03 03:19:34 UTC

Re: my scoreboard file is world writeable

> Hmmm... the only way I can think of to provoke a full-scale fork bomb
> is to keep zeroing out the file, which will cause the root process to
> think that there aren't enough free servers running and fork off more...
> NB that you have to write on the *same* scoreboard file which the root
> server opened, since it is not continually reopening it.  So, if the
> attacker has write permission on the scoreboard, this is a problem; if
> not, not --- and if the scoreboard isn't publically writable, then an
> attacker who could write it could probably run the fork bomb themselves
> anyway.  (Come to think of it, that covers a lot of these scenarios).
> 
> rst

Most NIXen I am familiar with have the sticky bit set on /tmp to
prevent anyone but the owner from moving/removing files. I've just
verified that both the SunOS system (4.1.3) and my NetBSD box have
been creating the files 600, and are not removable by anyone but the
owner.
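
A check of the two conditions discussed in this thread, the scoreboard file's mode and the sticky bit on its directory, as an added example that is not part of the original message or of Apache's code. The function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_scoreboard(path):
    """Return findings for a scoreboard-style file and its parent directory."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted in the directory
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        findings.append("file is world-writable")
    if mode & stat.S_IWGRP:
        findings.append("file is group-writable")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    # Without the sticky bit, any user with write access to the directory
    # can rename or remove files they do not own.
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("directory is world-writable without the sticky bit")
    return findings

def demo():
    """Audit constructed sample files: (directory mode, file mode) per case."""
    cases = [
        ("sticky", 0o1777, 0o600),      # /tmp-style directory, file mode 600
        ("nosticky", 0o777, 0o600),     # world-writable directory, no sticky bit
        ("worldfile", 0o1777, 0o666),   # world-writable scoreboard file
    ]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, dir_mode, file_mode in cases:
            d = os.path.join(base, name)
            os.mkdir(d)
            os.chmod(d, dir_mode)       # chmod explicitly; mkdir honours umask
            f = os.path.join(d, "scoreboard")
            with open(f, "wb") as fh:
                fh.write(b"\0" * 16)    # constructed placeholder contents
            os.chmod(f, file_mode)
            results[name] = audit_scoreboard(f)
    return results

if __name__ == "__main__":
    for case, found in demo().items():
        print(case, found or "ok")
```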