Language Selection

English French German Italian Portuguese Spanish

Broken Links in Linux File Systems can be a Security Risk

Filed under
Security

BROKEN LINKS in Linux file systems are not just annoying — they can also be a security risk. In a previous post, I discussed the potential dangers of unowned files and in this post I will talk about those annoying, resource consuming broken links usually considered simple file system “lint”.

I recently spoke to a Security Blanket™ customer and they asked me, "Why does Security Blanket report on these broken links?" I responded with a typical, technical explanation of...

"It [Security Blanket™] was trying to determine the file's existing access controls by using stat(2) not lstat(2). This call was unsuccessful because the target file was non-existent therefore, we want you to be aware of this 'lint'."

Although I could not see their face, I am sure their eyes were rolling at my somewhat cryptic response. Later that day, I contemplated the existence of broken links and realized they are a potential security risk — in the form of a Trojan Horse.

Common Uses of Links




More in Tux Machines

WS-C2960-48PST-L vs WS-C2960S-48FPS-L

What's the difference between Cisco 2960S Layer2 48 port PoE switches? If you want to know,follow this: WS-C2960-48PST-L is a Catalyst 2960 48 10/100 PoE + 2 1000BT + 2 SFP LAN Base Image Switch. WS-C2960-48PST-L Overview: 48 Ethernet 10/100 PoE ports and 2 10/100/1000 uplinks and 2 SFP uplinks 1 RU fixed-configuration LAN Base image WS-C2960S-48FPS-L is a Catalyst 2960S 48 GigE PoE 740W, 4 x SFP LAN Base Switch. WS-C2960S-48FPS-L Overview: 48 Ethernet 10/100/1000 PoE+ ports 370W PoE capacity Four 1G Small Form-Factor Pluggable(SFP) USB interfaces for management and file transfers LAN Base or LAN Lite Cisco IOS Software feature set SmartOperations tools that simplify deployment and reduce the cost of network administration

Beer and open source with Untappd

Greg Avola loves beer and coding. He loves beer so much that he made an app, Untappd, where users track their favorite brews. He loves coding so much that he wrote a book about mobile web development. According to him, if it weren't for open source software, his app—and the projects of many other developers—simply wouldn't exist. Read more in my interview with Greg about his open source journey, his favorite beer, and why check-in apps are still relevant. Read more

What is Docker, Really? Founder Solomon Hykes Explains

Docker has quickly become one of the most popular open source projects in cloud computing. With millions of Docker Engine downloads, hundreds of meetup groups in 40 countries and dozens upon dozens of companies announcing Docker integration, it's no wonder the less-than-two-year-old project ranked No. 2 overall behind OpenStack in Linux.com and The New Stack's top open cloud project survey. This meteoric rise is still puzzling, and somewhat problematic, however, for Docker, which is “just trying to keep up” with all of the attention and contributions it's receiving, said founder Solomon Hykes in his keynote at LinuxCon and CloudOpen on Thursday. Most people today who are aware of Docker don't necessarily understand how it works or even why it exists, he said, because they haven't actually used it. “Docker is very popular, it became popular very fast, and we're not really sure why,” Hykes said. “My personal theory … is that it was in the right place at the right time for a trend that's much bigger than Docker, and that is very important for all of us, that has to do with how applications are built.” Read more

LinuxCon and CloudOpen 2014 Keynote Videos Available

Video recordings of the LinuxCon and CloudOpen North America keynotes are now available on the Linux Foundation YouTube channel, and are embedded below, here. The event started Wednesday with Executive Director Jim Zemlin's “State of Linux” keynote at 9 a.m. Central, followed by a panel discussion of Linux kernel developers that included Linux Creator Linus Torvalds. Tomorrow morning keynotes will be streamed live (live video available here with login) and will be available later on in the day. You'll also find live updates on Linux Foundation Twitter,Facebook and Google+ channels and at the #LinuxCon and #CloudOpen hash tags, as well as more in-depth keynote coverage here on Linux.com. Read more