Linux.com Article DB: If you export RW with nfs, you're exploitable

"The true cause of the problem is that the code relies on the total length of a path to not exceed PATH_MAX + NAME_MAX. I'm not sure whether this is a common Unix problem, but at least on Linux, PATH_MAX merely seems to put an upper limit on the length of a single path you can hand to a syscall (size of a page - 1, i.e. 4095). However it still allows you to create files within that directory as long as you use relative names only..." A patch against 2.2beta47 has been released by Olaf Kirch.

Originally Published: Thursday, 11 November 1999	Author: Quentin Cregan
Published to: news_enhance_security/Security News	Page: 1/1 - [Printable]
If you export RW with nfs, you're exploitable "The true cause of the problem is that the code relies on the total length of a path to not exceed PATH_MAX + NAME_MAX. I'm not sure whether this is a common Unix problem, but at least on Linux, PATH_MAX merely seems to put an upper limit on the length of a single path you can hand to a syscall (size of a page - 1, i.e. 4095). However it still allows you to create files within that directory as long as you use relative names only..." A patch against 2.2beta47 has been released by Olaf Kirch.