
Re: statement from one of the klik project members [was: The klik project and Debian]



On Fri, 20 Jan 2006, Wouter Verhelst wrote:

> > >   /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
> > 
> > Doesn't this introduce a local root exploit?  A user can easily write
> > their own /tmp/app/1/image file which contains, say, a setuid root bash
> > executable.
> 
> Yes, that's exactly what I was afraid of, myself.

user implies noexec, nosuid, and nodev unless overridden by subsequent
options according to the mount(8) manpage.

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
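
Added example, not part of the original message: a small Python model of the mount(8) rule cited above, applied to the fstab entry quoted in this thread and to a constructed variant that appends `suid`. The function names and the audit wording are hypothetical; the implication rules for `user`, `users`, `owner` and `group` are those documented in mount(8).

```python
# Added example: effective exec/suid/dev flags for one fstab line.
# Implication rules are taken from mount(8); helper names are hypothetical.

# Options that let non-root users mount, and the restrictions each implies.
IMPLIED = {
    "user":  {"exec": False, "suid": False, "dev": False},
    "users": {"exec": False, "suid": False, "dev": False},
    "owner": {"suid": False, "dev": False},
    "group": {"suid": False, "dev": False},
}
# Explicit options that set a single flag.
EXPLICIT = {
    "exec": ("exec", True), "noexec": ("exec", False),
    "suid": ("suid", True), "nosuid": ("suid", False),
    "dev": ("dev", True), "nodev": ("dev", False),
}

def effective_flags(options):
    """Apply options left to right, so later ones override implied ones."""
    flags = {"exec": True, "suid": True, "dev": True}
    for opt in (o.strip() for o in options.split(",")):
        if opt in IMPLIED:
            flags.update(IMPLIED[opt])
        elif opt in EXPLICIT:
            key, value = EXPLICIT[opt]
            flags[key] = value
    return flags

def audit_fstab_line(line):
    """Return (flags, findings) for a six-field fstab entry."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("expected at least 4 fstab fields")
    opts = [o.strip() for o in fields[3].split(",")]
    flags = effective_flags(fields[3])
    findings = []
    if any(o in IMPLIED for o in opts):
        if flags["suid"]:
            findings.append("suid honoured on a user-mountable filesystem")
        if flags["dev"]:
            findings.append("device nodes honoured on a user-mountable filesystem")
    return flags, findings

# The entry quoted in this thread, and a constructed variant that re-enables suid.
KLIK_LINE = "/tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0"
CONSTRUCTED_BAD = "/tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec,suid 0 0"

if __name__ == "__main__":
    for entry in (KLIK_LINE, CONSTRUCTED_BAD):
        print(entry.split()[3], audit_fstab_line(entry))
```

For the quoted entry the trailing `exec` overrides only the implied `noexec`; `nosuid` and `nodev` stay in force, so the audit reports no findings.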


