SUMMARY : SETUID via NFS

From: Murat Balci <balci_at_baum01.ege.edu.tr>
Date: Sun, 22 Oct 1995 20:30:18 +0300 (EET)

Hi,
My question was:

Today I realized a terrible problem! Any ordinary user can mount a remote
file system if they allow. OK, this might be a good thing, but it also has
many security problems. Imagine one of our users is root on
another system (this might even be a Linux!). Then he creates a setuid
program on the remote host, changes its owner to root, and exports this
dir. Then he logs in to my system and mounts that dir, and he becomes root!
Yes, hard to think, but this *WORKS*! I immediately changed the
permissions of the mount* files to 700, but this is not a solution; anybody can
find these executables from another DEC. Do you have any solution for
this problem?

- o -
Thanks to:

maillard_at_atyisa.enet.dec.com
Stam Nicolis <nicolis_at_celfi.phys.univ-tours.fr>
Pecsenyanszky Istvan <pecseny_at_inf.bme.hu>
Marcel A. Bernards <bernards_at_ecn.nl>
golden_at_falcon.invincible.com
Ezra Peisach <epeisach_at_MIT.EDU>
Sean Watson <swatson_at_ultrix6.cs.csubak.edu>
Dan Riley <dsr_at_lns598.lns.cornell.edu>
Craig Hagan <hagan_at_rmc1.crocker.com>
gosejac_at_rto.dec.com
cyrmiche_at_sidoci.qc.ca
Mandell Degerness <MDEGERNESS_at_galaxy.gov.bc.ca>

- o -

However, there is really no need to worry. What I tried, and became root on
another machine where I'm not SU, was a file system which was mounted by
the root of this machine.

Briefly, Sean Watson <swatson_at_ultrix6.cs.csubak.edu> explains the facts below.
Thanks for all.
Sincerely.
murat.

- o -

Sean Watson <swatson_at_ultrix6.cs.csubak.edu> wrote:

Murat,
        No need to be so worried. If you check the OSF man page for mount, you
will notice something about "nosuid" and "suid" under mount options. If
you aren't root, you're forced to use "nosuid" when you mount the file
system. (If you are root, suid is the default but nosuid still works.)

        I really did try this on a PC running Linux and our Alpha running
Digital Unix 3.2.

                                Sean

P.S. This is not to downplay the security implications that abound in
mounting files via NFS, only they aren't quite so easy to exploit.
                                                           

----
Murat Balci	UNIX sys. Admin	
s-mail : Ege Universitesi B.A.U.M - Bornova, IZMIR, TURKIYE.
e-mail : balci_at_baum01.ege.edu.tr	Phone :+(90)(232)3881080-253
Received on Sun Oct 22 1995 - 19:50:43 NZDT
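
Added example (not part of the original message or of the reply quoted in it): a small shell audit that lists NFS mounts lacking the "nosuid" option described above, so an administrator can see which root-made mounts still honour setuid bits. It assumes the Linux /proc/mounts line format; the function names and the sample hosts and paths are constructed for illustration.

```shell
#!/bin/sh
# Audit NFS mounts for the "nosuid" option.
# Assumption: input lines use the Linux /proc/mounts layout:
#   device mountpoint fstype options dump pass

# Print "mountpoint device" for every NFS mount that lacks nosuid.
nfs_suid_mounts() {
    awk '
    $3 == "nfs" || $3 == "nfs4" {
        # Options are comma separated; compare whole tokens so that
        # a different option containing the string is not a match.
        n = split($4, opt, ",")
        nosuid = 0
        for (i = 1; i <= n; i++)
            if (opt[i] == "nosuid") nosuid = 1
        if (!nosuid) print $2, $1
    }'
}

# List setuid files below a flagged mount point (stays on that
# file system because of -xdev).
suid_files_under() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
}

# Constructed sample mount table; hosts and paths are made up.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
fileserver:/export/home /home nfs rw,nosuid,nodev,vers=3 0 0
labpc:/export/tools /mnt/tools nfs rw,vers=3,hard 0 0
labpc:/export/data /mnt/data nfs4 ro,nosuid 0 0
otherhost:/pub /mnt/pub nfs4 rw,relatime 0 0
EOF
}

# Demonstration on the constructed table. On a live Linux host use:
#   nfs_suid_mounts < /proc/mounts
sample_mounts | nfs_suid_mounts
```

Each mount point it reports can be passed to suid_files_under to see which setuid files are reachable there; remounting with nosuid removes the exposure.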
