Re: statement from one of the klik project members [was: The klik project and Debian]
On Fri, 20 Jan 2006, Bernhard R. Link wrote:
> * Peter Palfrader <email@example.com> [060120 13:31]:
> > user implies noexec, nosuid, and nodev unless overridden by subsequent
> > options according to the mount(8) manpage.
> Please always keep in mind that this only reduces the chance, but still
> keeps the possibility for holes open. (Like noexec could be circumvented
This seems incorrect to me. It has absolutely no impact whatsoever in the
security of a system that already has "user" mounts, and that allows users
to execute arbritary executables *anywhere* (and this later risk is that of
running unauthorized programs, and not of privilege escalation).
> by calling ld.so directly, nosuid by perl-suid and so on, and there might
> always be some other program sleeping somewhere waiting for its chance)
That would require a kernel bug involving local priviledge escalation, or a
severe bug in a suid application already in the system. klik by no means
make it any easier to exploit such bugs, unless klik is the sole way a new
"suid-bit-set" program could be brought into the system (even in a no-suid
partition). Again, this is only true on systems where kilk is the only
user-mountable media or the only user-mountable-with-execute-permission
media with exec permission.
And the ld.so avenue of running executables on non-executable partitions
seems to be closed (at first glance) in Debian Sid.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot