
Re: klik, loop mounts, and insecurity [was: statement from one of the klik project members]



On Fri, Jan 20, 2006 at 03:59:23PM +0000, Kurt Pfeifle wrote:
> Wouter Verhelst wrote on debian-devel@lists.debian.org:
> > [Re-adding Cc to Kurt, as he's mentioned he isn't subscribed]
> >
> > On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote:
> > > Kurt Pfeifle wrote:
> > > > The klik client installation needs root privileges once, to add 7 lines
> > > > like this one to /etc/fstab:
> > > >
> > > >   /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
> > >
> > > Doesn't this introduce a local root exploit?  A user can easily write
> > > their own /tmp/app/1/image file which contains, say, a setuid root bash
> > > executable.
> >
> > Yes, that's exactly what I was afraid of, myself.
> 
> Please try "man mount". If your manpage is similar to mine, it will 
> contain something like:
> 
> ---------------------------- snip ----------------------------------
> OPTIONS
>    user   Allow an ordinary user to mount the file system.  The name 
>           of the mounting user is written to mtab so that he can un-
>           mount the file system again.   This option implies the op-
>           tions noexec, nosuid, and nodev (unless overridden by sub-
>           sequent options, as in the option line user,exec,dev,suid).
> ---------------------------- snap ----------------------------------
> 
> Note the part mentioning "nosuid" - and compare it to the fstab line 
> used by klik.   :-)

You might want to read your manpage a bit more:

   nosuid   Do not allow set-user-identifier or set-group-identifier
            bits to take effect. (This seems safe, but is in fact
            rather unsafe if you have suidperl(1) installed.)
                     
Particularly note the parenthetical sentence.

On another point, I believe you said earlier that the admin is required to
add 7 of those lines to fstab before klik could be used.  Does that mean
that no more than 7 applications can be installed, or that no more than 7
users can use klik on the one machine?  Either way, it seems quite
artificially limiting.  If I have an 8th user who wants to use klik, what do
I do?

- Matt
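
Added example, not part of the original message or of klik's own code: a small Python audit that applies mount options left to right, as the quoted man page text describes for "user", and reports which of exec/suid/dev remain in effect for user-mountable fstab entries. The function names, the world-writable prefix list and the second sample line are assumptions made for illustration.

```python
# Added example: audit fstab entries that ordinary users are allowed to mount.
WORLD_WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/")  # assumption: typical world-writable dirs

def effective_flags(mntops):
    """Apply options in order; 'user'/'users' imply noexec,nosuid,nodev
    unless overridden by subsequent options (per the mount man page)."""
    flags = {"exec": True, "suid": True, "dev": True}  # filesystem defaults
    user_mountable = False
    for opt in mntops.split(","):
        if opt in ("user", "users"):
            user_mountable = True
            flags.update(exec=False, suid=False, dev=False)
        elif opt == "nouser":
            user_mountable = False
        elif opt in flags:                       # exec, suid, dev
            flags[opt] = True
        elif opt.startswith("no") and opt[2:] in flags:  # noexec, nosuid, nodev
            flags[opt[2:]] = False
    return user_mountable, flags

def audit_fstab(text):
    """Return (mount_point, flags, findings) for each user-mountable entry."""
    report = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        spec, mount_point, _fstype, mntops = fields[:4]
        user_mountable, flags = effective_flags(mntops)
        if not user_mountable:
            continue
        findings = []
        if flags["suid"]:
            findings.append("setuid/setgid bits honored")
        if flags["dev"]:
            findings.append("device nodes honored")
        if "loop" in mntops.split(",") and spec.startswith(WORLD_WRITABLE_PREFIXES):
            findings.append("loop image in world-writable directory")
        report.append((mount_point, flags, findings))
    return report

# Constructed sample: the klik line quoted above, then a made-up entry using
# the man page's override example (user,exec,dev,suid).
SAMPLE = """\
/tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
/dev/sdb1 /mnt/usb vfat user,exec,dev,suid 0 0
"""

if __name__ == "__main__":
    for mp, flags, findings in audit_fstab(SAMPLE):
        print(mp, flags, findings or ["no findings"])
```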


