| Next | Classic Unix Security Problems | 7 |
This "setuid" feature has opened a long series of holes:
For example:
% mkdir /mnt/mydisk
% mount /dev/floppy /mnt/mydisk
% ls -l /mnt/mydisk/mysh
-rwsr-xr-x 1 root wheel 512668 Feb 28 2001 /mnt/mydisk/mysh
% /mnt/mydisk/mysh
# anything
Problem also occurs on older systems sith removable hard disk packs
Or suppose /mnt/mydisk is shared via NFS from a machine I control
Solutions: Various
Ignore setuid bits on filesytems on removable media
Translate root to nobody on NFS-mounted filesystems
Forbid usage of mount by non-root users
Etc.
| Next | |
Copyright © 2005 M. J. Dominus |