Re: Security hole?

From: Efraim Yawitz (fyawitz_at_nonexisting.hamakor.org.il)
Date: Thu 19 Jan 2006 - 21:08:04 IST

• Next message: Gilboa Davara: "Re: Security hole?"
• Previous message: Tzafrir Cohen: "Re: Security hole?"
• In reply to: Gilboa Davara: "Re: Security hole?"
• Next in thread: Gilboa Davara: "Re: Security hole?"
• Reply: Gilboa Davara: "Re: Security hole?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

On Thu, 19 Jan 2006, Gilboa Davara wrote:

>
> Umm.... mounting loop device is limited to root for a good reason.
> Once a user had loop mount capability, it's much easier for him to mount
> a modified FS where all the sbin utilities are suided...
>
> A secure system gives users *very* limited mount capabilities.
>
The idea was to loop-mount a fs on my own computer as root, modify it there and then burn it onto a CD which could be mounted on another machine. The other posters pointed out that this is theoretically possible, but the safeguard of allowing mounting only with -nodev by users prevents the problem.

Ephraim

=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il

• Next message: Gilboa Davara: "Re: Security hole?"
• Previous message: Tzafrir Cohen: "Re: Security hole?"
• In reply to: Gilboa Davara: "Re: Security hole?"
• Next in thread: Gilboa Davara: "Re: Security hole?"
• Reply: Gilboa Davara: "Re: Security hole?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.7 : Thu 19 Jan 2006 - 20:08:47 IST