From owner-freebsd-security Wed Feb 12 08:07:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA06986 for security-outgoing; Wed, 12 Feb 1997 08:07:03 -0800 (PST) Received: from zwei.siemens.at (zwei.siemens.at [193.81.246.12]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA06965 for ; Wed, 12 Feb 1997 08:06:52 -0800 (PST) Received: from sol1.gud.siemens.co.at (root@[10.1.143.100]) by zwei.siemens.at (8.7.5/8.7.3) with SMTP id RAA04515 for ; Wed, 12 Feb 1997 17:07:26 +0100 (MET) Received: from ws2301.gud.siemens.co.at by sol1.gud.siemens.co.at with smtp (Smail3.1.28.1 #7 for ) id m0vuhBl-00021hC; Wed, 12 Feb 97 17:05 MET Received: by ws2301.gud.siemens.co.at (1.37.109.16/1.37) id AA076933342; Wed, 12 Feb 1997 17:02:22 +0100 From: "Hr.Ladavac" Message-Id: <199702121602.AA076933342@ws2301.gud.siemens.co.at> Subject: Raw partition access rights To: freebsd-security@freebsd.org Date: Wed, 12 Feb 1997 17:02:22 +0100 (MEZ) X-Mailer: ELM [version 2.4 PL24 ME8a] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi all, it just occured to me, maybe it's an idiocy, but it might work on some boxes. I did not try it on FreeBSD. Assume there is a volume which is not mounted -nodev. Assume I create a device node for a raw disk partition. Assume that I give this node read and write permissions for me. Assume that I have a hacked fsck which can change metadata for chosen files on a partition it can read and write. Metadata such as owner, group, mode bits. Since I have just created a device special file, I should be able to open this raw partition for read and write. I then let my fsck loose. You are screwed. Tell me this is impossible. Please :) /Marino