mounting and setuid question...
Chris Torek
chris at mimsy.umd.edu
Fri Dec 22 06:32:26 AEST 1989
In article <541 at mwtech.UUCP> martin at mwtech.UUCP (Martin Weitzel) writes:
>Several security holes occur, if you allow to mount a floppy
>(more general: a file system on removable media) for everyone:
>1) There may be root-suid/sgid files on the media ...
>2) There may be i-nodes that point to device-files like /dev/mem ...
>3) ... the mount-command [does not check the mount point]
There is a fourth problem, which cannot be solved in software: If
the medium is removable, it can be removed after all the checking
has occurred, but in time to put the bad thing out there, or to crash
the system, etc.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at cs.umd.edu Path: uunet!mimsy!chris
More information about the Comp.unix.questions
mailing list