Date: Mon, 6 Dec 2004 16:20:10 +0100 From: Ruben de Groot <mail25@bzerk.org> To: freebsd-questions@freebsd.org Subject: Unprivileged user can write to mbr Message-ID: <20041206152010.GA4747@ei.bzerk.org> Resent-Message-ID: <200412061607.iB6G7ihD005629@ei.bzerk.org>
next in thread | raw e-mail | index | archive | help
Hi, I'm having trouble rationalizing the behaviour described below. Is this a security-issue (bug) or a feature? (this is 5-STABLE, oct 26, 2004) - An unprivileged user 'bztest' with read-only access to /dev/ar0: %id uid=1004(bztest) gid=1004(test) groups=1004(test), 5(operator) %ls -l /dev/ar0 crw-r----- 1 root operator 4, 21 Nov 23 17:34 /dev/ar0 - Now, the device ar0 has the standard mbr installed: %cmp /dev/ar0 /boot/mbr /dev/ar0 /boot/mbr differ: char 447, line 1 - The boot0cfg program does not have any setuid bits: %ls -l /usr/sbin/boot0cfg -r-xr-xr-x 1 root wheel 7940 Oct 26 22:47 /usr/sbin/boot0cfg - The test user now uses boot0cfg to install the boot0 bootblock: %boot0cfg -B -b /boot/boot0 /dev/ar0 %cmp /dev/ar0 /boot/mbr /dev/ar0 /boot/mbr differ: char 13, line 1 %cmp /dev/ar0 /boot/boot0 /dev/ar0 /boot/boot0 differ: char 447, line 5 Can somebody explain this? thanks, Ruben de Groot
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041206152010.GA4747>