From: Gilboa Davara (gilboad_at_nonexisting.hamakor.org.il)
Date: Thu 19 Jan 2006 - 21:27:42 IST
On Thu, 2006-01-19 at 21:08 +0200, Efraim Yawitz wrote:
>
> On Thu, 19 Jan 2006, Gilboa Davara wrote:
>
> >
> > Umm.... mounting loop device is limited to root for a good reason.
> > Once a user had loop mount capability, it's much easier for him to mount
> > a modified FS where all the sbin utilities are suided...
> >
> > A secure system gives users *very* limited mount capabilities.
> >
> The idea was to loop-mount a fs on my own computer as root, modify it there and then burn it onto a CD which could be mounted on another machine. The other posters pointed out that this is theoretically possible, but the safeguard of allowing mounting only with -nodev by users prevents the problem.
>
> Ephraim
>
In this case adding nodev and nosuid to the fstab line is in order.
Gilboa
=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Thu 19 Jan 2006 - 21:43:01 IST