Re: SECURITY PROBLEM: autofs [all versions]

To: Will Lowe <harpo@udlug.org>
Cc: Debian Devel List <debian-devel@lists.debian.org>
Subject: Re: SECURITY PROBLEM: autofs [all versions]
From: "Christopher W. Curtis" <ccurtis@aet-usa.com>
Date: Mon, 03 Jul 2000 14:09:11 -0400
Message-id: <[🔎] 3960D6C7.659ACE28@aet-usa.com>
References: <Pine.LNX.3.96.1000630205848.25282A-100000@earth.review.udel.edu>

Will Lowe wrote:
> 
> > "nosuid,nodev" and as such anyone with a floppy disk and physical access
> > to a floppy drive may become root on that machine.
> 
> Give a local user physical access to the floppy drive, and he'll just
> reboot the machine with a rescue floppy in the floppy drive if he wants
> root. Same with the CD drive, or zip disks.

A) There are BIOS restrictions to prevent this.
b) These can only be circumvented by pulling the machine apart.
3) People will notice a machine going down.
IV) It's an easy fix.

Christopher

Reply to:

Prev by Date: Re: Debian 2.2 Release.
Next by Date: Re: SECURITY PROBLEM: autofs [all versions]
Previous by thread: Re: SECURITY PROBLEM: autofs [all versions]
Next by thread: Re: SECURITY PROBLEM: autofs [all versions]
Index(es):
- Date
- Thread