https://bugzilla.kernel.org/show_bug.cgi?id=214665 leveryd (1157599735@xxxxxx) changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #2 from leveryd (1157599735@xxxxxx) --- i know `truncate` file does not task up disk space, but i still think it has some "design" problem about security. * why i still think it has some problem? because developer will trust "quota limit" very likely, so they will not check the file is "truncate file" or not before they do some operation on file. for example(assume a scenario): developer limit every ftp user's disk space by using "disk quotas", and there is a crontab job which will backup ftp user's files every day. if this crontab job does not check "truncate file" exist or not and then backup using "tar" or "zip" compress command, then when a malicious user create a file using `truncate -s 100G id`, after compress this special "truncate file`, the machine disk space will be consumed more than 100G actually. -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
