Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!aplcen!haven!mimsy!chris
From: chris@mimsy.umd.edu (Chris Torek)
Newsgroups: comp.unix.questions
Subject: Re: mounting and setuid question...
Message-ID: <21394@mimsy.umd.edu>
Date: 21 Dec 89 19:32:26 GMT
References: <23@gagme.uucp> <5338@omepd.UUCP> <541@mwtech.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 14

In article <541@mwtech.UUCP> martin@mwtech.UUCP (Martin Weitzel) writes:
>Several security holes occur, if you allow to mount a floppy
>(more general: a file system on removable media) for everyone:
>1) There may be root-suid/sgid files on the media ...
>2) There may be i-nodes that point to device-files like /dev/mem ...
>3) ... the mount-command [does not check the mount point]

There is a fourth problem, which cannot be solved in software:  If
the medium is removable, it can be removed after all the checking
has occurred, but in time to put the bad thing out there, or to crash
the system, etc.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@cs.umd.edu	Path:	uunet!mimsy!chris