Mounting floppies
Marion Hakanson
hakanson at mist.cs.orst.edu
Sat Dec 10 05:36:05 AEST 1988
In article <841 at levels.sait.edu.au> ccdn at levels.sait.edu.au (DAVID NEWALL) writes:
. . .
>> ** The main thing mountpub does is to check the contents of
>> ** the filesystem being mounted to be sure that there are no
>> ** setuid/setgid files that would give permissions that the
>
>Gee, I don't know. I wonder what would happen if the user "mountpub"ed
>a floppy, and then replaced it with another disk that had setuid root
>shells on it -- ie, without unmounting the old disk? Could be nasty...
That's a hardware problem (1/2 :-). Doing such a thing would probably
be as likely to crash the system as to allow unauthorized access, but
that's a security problem as well. Mountpub also neglects to check
for special (device) files, which I hadn't considered three years
ago when I wrote the program.
--
Marion Hakanson Domain: hakanson at cs.orst.edu
UUCP : {hp-pcd,tektronix}!orstcs!hakanson
More information about the Comp.unix.wizards
mailing list