
Re: SECURITY PROBLEM: autofs [all versions]



On Mon, Jul 03, 2000 at 02:24:55PM -0400, Christopher W. Curtis wrote:
> I thought about unplugging the reset button and power switches, but it's
> tough to hit them accidentally and if someone wanted the system down,
> they'd pull the plug out of the back.  I like having the ability to
> reset because I think it's easier on mechanical devices.

	Yeah, but a lot of our users like to use these machines remotely
because they can rely on them not to be in Windows (unlike our other
dual boot clients).  We try to keep only stable releases running on
our production net machines so that we don't have to hard boot them.

> Is the reason for disabling SysRq simply the same (ability to reboot,
> etc) or do you think there could be an exploitable condition with the
> information given?

	Pretty much, it can be an exploitable condition.  And like I
said above, we try to keep things where it shouldn't be necessary to
pull the plug or do sysrq-SUB.

> This is obviously a good idea given the SEVERE BUG (why do people argue
> over things like local users being able to trivially get root being
> severe?) present, in both the manpage (which recommends the auto.misc
> debian uses) and the defaults.  Why did you choose to do this initially?

	We figure that the usermount option (with appropriate nosuid,
nodev, and noexec options) in /etc/fstab is good enough.  Confusing to
some users at first, but they learn quickly enough.

-- 
Key fingerprint = 9C 6F 99 52 BF 97 C7 44  6F E3 4F 6E C6 2A 20 9F
http://www.nmt.edu/npsimons/
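
An added example, not part of the original message: a small audit of fstab text that reports user-mountable entries whose effective options do not end up with nosuid, nodev and noexec. It assumes the mount(8) semantics that user/users imply all three and owner/group imply nosuid,nodev, unless a later option overrides them; the fstab lines and function names are constructed for illustration.

```python
# Added example: audit fstab text for user-mountable entries that lack
# nosuid/nodev/noexec once option ordering is taken into account.
# Options implied by each "ordinary users may mount this" keyword (mount(8)).
IMPLIED = {
    "user": {"nosuid", "nodev", "noexec"},
    "users": {"nosuid", "nodev", "noexec"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}
RESTRICT = {"nosuid": "suid", "nodev": "dev", "noexec": "exec"}
RELAX = {relaxed: strict for strict, relaxed in RESTRICT.items()}

# Constructed sample input, not taken from any real system.
SAMPLE_FSTAB = """\
# <device>  <mountpoint> <type>  <options>                          <dump> <pass>
/dev/hda1   /            ext2    errors=remount-ro                  0 1
/dev/fd0    /floppy      auto    user,noauto                        0 0
/dev/cdrom  /cdrom       iso9660 ro,user,noauto,exec                0 0
/dev/sdb1   /mnt/usb     vfat    nosuid,nodev,noexec,user,suid,dev  0 0
/dev/sdc1   /mnt/zip     vfat    owner,noauto                       0 0
"""

def effective_flags(options):
    """Apply options left to right; return the restrictive flags left in force."""
    flags = set()
    for opt in options:
        if opt in IMPLIED:
            flags |= IMPLIED[opt]
        elif opt in RESTRICT:
            flags.add(opt)
        elif opt in RELAX:          # a later suid/dev/exec cancels the restriction
            flags.discard(RELAX[opt])
    return flags

def audit_fstab(text):
    """Return [(mountpoint, [missing flags])] for user-mountable entries."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        options = fields[3].split(",")
        if not IMPLIED.keys() & set(options):
            continue                # only root can mount this entry
        missing = sorted(set(RESTRICT) - effective_flags(options))
        if missing:
            findings.append((fields[1], missing))
    return findings

if __name__ == "__main__":
    for mountpoint, missing in audit_fstab(SAMPLE_FSTAB):
        print(f"{mountpoint}: missing {','.join(missing)}")
```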
