
Bug#4902: Major security hole in xvmount



Package: xvmount
Version: 3.6-1

xvmount is a major security hole. The standard installation enables EVERY
user to mount a cdrom or a floppy or a dos partition into the directory
tree. The mountpoint doesn't even have to be owned by the user running
xvmount since the program is suid root.

This is a very bad idea. Just copy bash onto a floppy and make it suid root
on your own machine et voila you'll be root on every machine with xvmount.

And the description says:

Description: xvmount is a small utility for mounting devices by normal
	     users. It recognizes the following filesystem types: minix,
	     ext, ext2, msdos, xiafs and iso9660/High Sierra. It has a
	     simple OpenLook based user interface. It avoids possible
	     security holes opened by making mount suid root.

I'm sorry but how can you call this avoiding security holes.

Michael

-- 
Michael Meskes                   |    _____ ________ __  ____
meskes@informatik.rwth-aachen.de |   / ___// ____/ // / / __ \___  __________
meskes@sanet.de                  |   \__ \/ /_  / // /_/ /_/ / _ \/ ___/ ___/
meskes@debian.org                |  ___/ / __/ /__  __/\__, /  __/ /  (__  )
Use Debian GNU/Linux!            | /____/_/      /_/  /____/\___/_/  /____/
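The class of problem described in this report, media that an unprivileged user can mount while set-uid bits and device nodes on it are honoured, is what the `nosuid` and `nodev` mount options exist to prevent. The following audit script is an added example written for this page; it is not part of the original report and has nothing to do with xvmount's own code. It assumes the system uses `/etc/fstab` user-mount options (`user`, `users`, `owner`, `group`) with the semantics documented in mount(8), where those options imply `noexec,nosuid,nodev` unless a later option on the same line re-enables them. The fstab content below is a constructed sample, not taken from any real system.

```python
"""Flag fstab entries that let an ordinary user mount a filesystem while the
mounted media would still honour set-uid bits or device nodes.

Added example, not code from the original bug report.  Assumes mount(8)
option semantics: 'user', 'users', 'owner' and 'group' imply
noexec,nosuid,nodev unless a later option on the line overrides them.
"""

from dataclasses import dataclass

# Options that allow a non-root user to mount the entry.
USER_MOUNT_OPTS = {"user", "users", "owner", "group"}
# Restrictions that mount(8) switches on whenever a user-mount option appears.
IMPLIED_BY_USER_MOUNT = {"nosuid", "nodev", "noexec"}
# Toggle pairs; the later occurrence on the option list wins.
TOGGLES = {
    "suid": "nosuid", "nosuid": "suid",
    "dev": "nodev", "nodev": "dev",
    "exec": "noexec", "noexec": "exec",
}
# What 'defaults' expands to in mount(8).
DEFAULTS = ["rw", "suid", "dev", "exec", "auto", "nouser", "async"]


@dataclass
class Finding:
    device: str
    mountpoint: str
    fstype: str
    problems: list  # subset of ["suid", "dev"] that is effective


def effective_options(opts):
    """Resolve a comma-separated option list, left to right, into the effective set."""
    eff = set()
    for opt in opts:
        if opt == "defaults":
            for d in DEFAULTS:
                if d in TOGGLES:
                    eff.discard(TOGGLES[d])
                eff.add(d)
        elif opt in USER_MOUNT_OPTS:
            eff.add(opt)
            for implied in IMPLIED_BY_USER_MOUNT:
                eff.discard(TOGGLES[implied])
                eff.add(implied)
        elif opt == "nouser":
            eff -= USER_MOUNT_OPTS
            eff.add(opt)
        elif opt in TOGGLES:
            eff.discard(TOGGLES[opt])
            eff.add(opt)
        else:
            eff.add(opt)
    return eff


def parse_fstab(text):
    """Yield (device, mountpoint, fstype, [options]) for each non-comment entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; fstab needs at least four fields
        device, mountpoint, fstype, opts = fields[:4]
        entries.append((device, mountpoint, fstype, opts.split(",")))
    return entries


def audit_fstab(text):
    """Return a Finding for every user-mountable entry that honours suid or dev."""
    findings = []
    for device, mountpoint, fstype, opts in parse_fstab(text):
        eff = effective_options(opts)
        if not (eff & USER_MOUNT_OPTS):
            continue  # root-only mount; not the scenario in the report
        problems = [bad for bad in ("suid", "dev") if bad in eff]
        if problems:
            findings.append(Finding(device, mountpoint, fstype, problems))
    return findings


# Constructed sample fstab for demonstration; not from a real machine.
SAMPLE_FSTAB = """\
/dev/hda1   /            ext2    defaults              1 1
/dev/fd0    /floppy      auto    user,noauto           0 0
/dev/fd0    /mnt/floppy  msdos   user,suid,dev,noauto  0 0
/dev/hdc    /cdrom       iso9660 ro,owner,noauto       0 0
"""

if __name__ == "__main__":
    for f in audit_fstab(SAMPLE_FSTAB):
        print(f"{f.mountpoint} ({f.device}, {f.fstype}): user-mountable "
              f"but honours {', '.join(f.problems)}")
```

Only the `/mnt/floppy` line is reported: `user` switched on `nosuid,nodev,noexec`, but the explicit `suid,dev` that follow turn two of them back off, which is exactly the condition the report describes. The `/floppy` and `/cdrom` entries keep the implied restrictions and pass; the root filesystem is not user-mountable and is skipped.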
