Re: [linux-security] Re: Possible bufferoverflow condition in
Zygo Blaxell (zblaxell@myrus.com)
Wed, 21 Aug 1996 14:13:18 -0400
In article <Pine.LNX.3.91.960815103659.160B-100000@vega.intercom.no>, Vidar Madsen <BUGTRAQ@NETSPACE.ORG> wrote:

>[discussion about mount and umount being suid root]
>> This would be a good candidate for sudo. As any good sysadmin
>> will keep telling you... Disable ALL suid programs that are not
>> necessary for the normal operation of the system. If a user needs to
>> mount filesystems, use sudo to all the operation as root.
>
>As far as I can see, the same security flaws would be equally exploitable
>when going through sudo or having the program suid root? After all, the
>exploit in mount/umount goes through the command line, and would therefore
>not be "filtered out" in any way even though one starts it from sudo?

I would imagine that sudo could be configured to run a specific 'mount' command with arguments, and ignore all arguments and environment variables supplied by the user. So there would be a sudo entry for

mount /dev/fd0 /mnt/floppy -orw,noexec,nosuid,nodev,uid=123,gid=123,umask=002 -v

and another for

umount /mnt/floppy

This does start getting painful when you consider read-only/read-write flags, filesystem type, etc. and multiply this by the number of devices you might want to mount from. On the other hand, it does promote a certain amount of minimalism with privileges, which is usually a good thing.

--
Zygo Blaxell. Unix/soft/hardware guru, was for U of Waterloo CS Club, now for (name withheld by request). 10th place, ACM Intl Collegiate Programming Contest Finals, 1994. Admin Linux/TCP/IP for food, clothing, anime. Pager: 1 (613) 760 8572.
"I gave up $1000 to avoid working on windoze... *sigh*" - Amy Fong
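As an added illustration (not part of the original post), here is the sudoers configuration Zygo describes, with the open-ended entry that Vidar's objection applies to shown alongside the argument-pinned entries. The user name "floppyuser", the /bin paths and the second device /dev/fd1 are assumptions.

```sudoers
# Added example, not from the original post. The user "floppyuser", the
# /bin paths and the second floppy device (/dev/fd1) are assumptions.

# Weak: an entry with no arguments lets the user pass ANY arguments, so
# the full command line of a root mount is still under user control.
# This is the case the quoted reply is worried about.
# floppyuser  ALL = (root) /bin/mount, /bin/umount

# Better: when an entry lists arguments, the command the user types must
# match them exactly. Each permitted mount is pinned to one device, one
# mount point and one option string. Note that ',' and '=' inside an
# argument must be backslash-escaped, or sudoers reads the comma as a
# list separator and the '=' as part of its own grammar.
Cmnd_Alias FD0_RW     = /bin/mount /dev/fd0 /mnt/floppy -orw\,noexec\,nosuid\,nodev\,uid\=123\,gid\=123\,umask\=002 -v
Cmnd_Alias FD0_RO     = /bin/mount /dev/fd0 /mnt/floppy -oro\,noexec\,nosuid\,nodev\,uid\=123\,gid\=123\,umask\=002 -v
Cmnd_Alias FD0_UMOUNT = /bin/umount /mnt/floppy

# Every additional device or flag combination is another pinned line,
# which is the multiplication the post calls painful.
Cmnd_Alias FD1_RW     = /bin/mount /dev/fd1 /mnt/floppy1 -orw\,noexec\,nosuid\,nodev\,uid\=123\,gid\=123\,umask\=002 -v
Cmnd_Alias FD1_UMOUNT = /bin/umount /mnt/floppy1

# Drop the caller's environment before the command runs, so the user
# supplies neither arguments nor environment variables to the root mount.
Defaults env_reset

floppyuser  ALL = (root) FD0_RW, FD0_RO, FD0_UMOUNT, FD1_RW, FD1_UMOUNT
```

Edit the file only through visudo so a syntax slip cannot lock out sudo, then confirm with `sudo -l` as floppyuser that exactly these command lines, and nothing broader, are listed.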