Re: Re: statement from one of the klik project members [was: The klik project and Debian]
[Re-adding Cc to Kurt, as he's mentioned he isn't subscribed]
On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote:
> Kurt Pfeifle wrote:
>
> > > On Thu, Jan 19, 2006 at 08:34:59PM +0000, Kurt Pfeifle wrote:
> > > > And third, klik doesn't really "install". It brings exactly 1 additional
> > > > file (the *.cmg) onto the system. It works with "user only" privileges.
> > >
> > > Hang on. You loop-mount with user-only privileges? How?
> >
> > The klik client installation needs root privileges once, to add 7 lines
> > like this one to /etc/fstab:
> >
> > /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
>
> Doesn't this introduce a local root exploit? A user can easily write
> their own /tmp/app/1/image file which contains, say, a setuid root bash
> executable.
Yes, that's exactly what I was afraid of, myself.
--
.../ -/ ---/ .--./ / .--/ .-/ .../ -/ ../ -./ --./ / -.--/ ---/ ..-/ .-./ / -/
../ --/ ./ / .--/ ../ -/ ..../ / -../ ./ -.-./ ---/ -../ ../ -./ --./ / --/
-.--/ / .../ ../ --./ -./ .-/ -/ ..-/ .-./ ./ .-.-.-/ / --/ ---/ .-./ .../ ./ /
../ .../ / ---/ ..-/ -/ -../ .-/ -/ ./ -../ / -/ ./ -.-./ ..../ -./ ---/ .-../
---/ --./ -.--/ / .-/ -./ -.--/ .--/ .-/ -.--/ .-.-.-/ / ...-.-/
Reply to: