From owner-freebsd-security  Wed Feb 12 10:47:07 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id KAA19197
          for security-outgoing; Wed, 12 Feb 1997 10:47:07 -0800 (PST)
Received: from hydrogen.nike.efn.org (resnet.uoregon.edu [128.223.170.28])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA19158
          for <freebsd-security@freebsd.org>; Wed, 12 Feb 1997 10:46:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
          by hydrogen.nike.efn.org (8.8.4/8.8.4) with SMTP
	  id KAA21046; Wed, 12 Feb 1997 10:45:57 -0800 (PST)
Date: Wed, 12 Feb 1997 10:45:57 -0800 (PST)
From: John-Mark Gurney <jmg@nike.efn.org>
Reply-To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
To: "Hr.Ladavac" <lada@ws2301.gud.siemens.co.at>
cc: freebsd-security@freebsd.org
Subject: Re: Raw partition access rights
In-Reply-To: <199702121602.AA076933342@ws2301.gud.siemens.co.at>
Message-ID: <Pine.BSF.3.95q.970212104203.24299b-100000@hydrogen.nike.efn.org>
X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31  96 7A 22 B3 D8 56 36 F4
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 12 Feb 1997, Hr.Ladavac wrote:

> Hi all,
> 
> it just occured to me, maybe it's an idiocy, but it might work on
> some boxes.  I did not try it on FreeBSD.
> 
> Assume there is a volume which is not mounted -nodev.
> Assume I create a device node for a raw disk partition.
> Assume that I give this node read and write permissions for me.
> Assume that I have a hacked fsck which can change metadata for chosen
> files on a partition it can read and write.  Metadata such as owner,
> group, mode bits.
> 
> Since I have just created a device special file, I should be able to open
> this raw partition for read and write.  I then let my fsck loose.  You are
> screwed.

yes.. this is possible...

> Tell me this is impossible.  Please :)

well.. you told us to assume that you created the node file... :)  but
under freebsd non-root users can't create node files... so it doesn't work
under freebsd..  for more info see mknod(2)...  ttyl... 

John-Mark

gurney_j@efn.org
http://resnet.uoregon.edu/~gurney_j/
Modem/FAX: (541) 683-6954   (FreeBSD Box)

Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)