[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: Re: statement from one of the klik project members [was: The klik project and Debian]

Wouter Verhelst wrote on debian-devel@lists.debian.org:
> [Re-adding Cc to Kurt, as he's mentioned he isn't subscribed]
> On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote:
> > Kurt Pfeifle wrote:
> > > The klik client installation needs root privileges once, to add 7 lines
> > > like this one to /etc/fstab:
> > >
> > >   /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0
> > > 0
> >
> > Doesn't this introduce a local root exploit?  A user can easily write
> > their own /tmp/app/1/image file which contains, say, a setuid root bash
> > executable.
> Yes, that's exactly what I was afraid of, myself.

Please try "man mount". If your manpage is similar to mine, it will 
contain something like:

---------------------------- snip ----------------------------------
   user   Allow an ordinary user to mount the file system.  The name 
          of the mounting user is written to mtab so that he can un-
          mount the file system again.   This option implies the op-
          tions noexec, nosuid, and nodev (unless overridden by sub-
          sequent options, as in the option line user,exec,dev,suid).
---------------------------- snap ----------------------------------

Note the part mentioning "nosuid" - and compare it to the fstab line 
used by klik.   :-)

Kurt  [not subscribed]

Reply to: