[plug] USB & kernel questions
Cameron Patrick
cameron at patrick.wattle.id.au
Wed Dec 17 22:35:40 WST 2003
On Wed, Dec 17, 2003 at 09:53:07PM +0800, James Devenish wrote:
| [If you are a 7337 hax0r with malicious intent, please do not read
| below this line.]

The packets carrying this message to you have the evil bit set; as per
RFC somethingorother last April, your router SHOULD NOT carry them if
it is intended to be secure :-)

| on Wed, Dec 17, 2003 at 06:15:18PM +0800, Cameron Patrick wrote:
| > mount is setuid root
|
| Cripes! And dynamically linked, too (under Debian woody, at least)! (I
| see /usr/mount, but no /sbin/mount variant.) I'm no security expert,
| but this looks highly improper to me at first glance.

/bin/mount, presumably - there's no /usr/bin/mount as that would make it
a bit tricky to mount /usr :-) I believe that setuid dynamically linked
binaries are fine, as they ignore LD_LIBRARY_PATH and LD_PRELOAD so you
can't trick them into using JamesLibC (where the mount() system call
alters the password file to add a new user with uid 0 and the write()
system call dumps the contents of /dev/urandom to the PLUG list *wink*).

The reason that mount is (and should be) setuid root on most systems is
that you can have user-mountable entries in /etc/fstab, like:

    /dev/cdrw /cdrw iso9660 ro,user,noauto 0 0

which allows any user to mount a CD without having to screw around with
sudo.

Cameron.
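
An added example (not part of the message above, and not code from mount
itself): a short Python audit of fstab text for user-mountable entries like
the one quoted. It relies on the mount(8) rule that user/users imply
noexec,nosuid,nodev and owner/group imply nosuid,nodev unless a later option
on the line overrides them; the function names and every sample entry except
the first are constructed for illustration.

```python
# Added example: audit fstab text for user-mountable entries.
# Rule from mount(8): user/users imply noexec,nosuid,nodev and owner/group
# imply nosuid,nodev, unless a LATER option on the same line overrides them.
# Not modelled here: "defaults" and "nouser" (so the audit may over-report).
SWITCHES = ("exec", "suid", "dev")
IMPLIED_OFF = {"user": SWITCHES, "users": SWITCHES,
               "owner": ("suid", "dev"), "group": ("suid", "dev")}

def effective_flags(options):
    """Apply options left to right; return (user_mountable, {flag: enabled})."""
    flags = dict.fromkeys(SWITCHES, True)   # mount's defaults: exec, suid, dev
    user_mountable = False
    for opt in options.split(","):
        if opt in IMPLIED_OFF:
            user_mountable = True
            for name in IMPLIED_OFF[opt]:
                flags[name] = False
        elif opt in SWITCHES:               # explicit exec / suid / dev
            flags[opt] = True
        elif opt.startswith("no") and opt[2:] in SWITCHES:
            flags[opt[2:]] = False          # explicit noexec / nosuid / nodev
    return user_mountable, flags

def audit_fstab(text):
    """Return [(mountpoint, [flags still enabled])] for user-mountable entries."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue                        # blank, comment or malformed line
        user_mountable, flags = effective_flags(fields[3])
        if user_mountable:
            findings.append((fields[1], [n for n in SWITCHES if flags[n]]))
    return findings

# Constructed sample; only the first entry comes from the message above.
SAMPLE_FSTAB = """\
/dev/cdrw  /cdrw    iso9660  ro,user,noauto         0 0
/dev/sda1  /usb     vfat     user,exec,suid,noauto  0 0
/dev/fd0   /floppy  auto     exec,users,noauto      0 0
/dev/hda1  /        ext3     defaults               0 1
"""

if __name__ == "__main__":
    for mountpoint, risky in audit_fstab(SAMPLE_FSTAB):
        print(mountpoint, "still allows:", ", ".join(risky) or "nothing risky")
```

An entry that comes back with suid or dev still enabled is one where an
unprivileged user can mount media they control with those features active.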