[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: klik, loop mounts, and insecurity [was: statement from one of the klik project members]

> > Please try "man mount". If your manpage is similar to mine, it will
> > contain something like:
> >
> > ---------------------------- snip ----------------------------------
> >    user   Allow an ordinary user to mount the file system.  The name
> >           of the mounting user is written to mtab so that he can un-
> >           mount the file system again.   This option implies the op-
> >           tions noexec, nosuid, and nodev (unless overridden by sub-
> >           sequent options, as in the option line user,exec,dev,suid).
> > ---------------------------- snap ----------------------------------
> >
> > Note the part mentioning "nosuid" - and compare it to the fstab line
> > used by klik.   :-)
> You might want to read your manpage a bit more:
>    nosuid   Do not allow set-user-identifier or set-group-identifier
>             bits to take effect. (This seems safe, but is in fact
>             rather unsafe if you have suidperl(1) installed.)
> Particularly note the parenthetical sentence.

I do.

But if I have suidperl(1) installed on my (multiuser) system, then I have
bigger fish to fry than just the klik ones anyway. Then practically every 
script can be tricked into setuid execution of all criminal commands you

So... you are right here.

> On another point, I believe you said earlier that the admin is required to
> add 7 of those lines to fstab before klik could be used. 

Yes. ("root privileges" -- meaning a sudoer user can also install the klik
client and modify the fstab).

> Does that mean 
> that no more than 7 applications can be installed, or that no more than 7
> users can use klik on the one machine? 

It means that no more than 7 klik .cmg apps can be used concurrently by
the default klik client installations. No more than 7 concurrent loop
mounts by mortal users.

Actually, the kernel limit is 8. But klik leaves generously one over for
other uses (such as Knoppix)  ;-)

> Either way, it seems quite 
> artificially limiting. 


I said so in an earlier posting:

   We know this is ugly (and a big limitation) -- but
   once Kernel 2.6.14 with FUSE will become more widespread, 
   this will no longer be required.

It is just the way that loopmounting is limited. You can tune it up to 32
concurrent mount points, by editing the config file and using the appropriate
kernel parameter for booting.

> If I have an 8th user who wants to use klik, what 
> do I do?

Whatever you prefer:   :-)  
 * kick off one user
 * reboot with a tuned setting
 * install a 2.6.14 Kernel with FUSE support (and install the
   experimental modifications to klik to make use of it).

(well, the 8th is still easy. The problem starts with the 9th, or the 33th...)

> - Matt


Reply to: