
Bug#384922: NFS insecure without support for squashing multiple groups



On Thu, Aug 31, 2006 at 11:46:15AM +1000, Paul Szabo wrote:

> You seem to think that this is "important" but not "critical".
> Don't you agree that it is a root security hole?

Indeed I do not agree that it's a root security hole.  The bug log indicates
that it's only exploitable when

- you have a non-empty "staff" group on the client (+/- equivalent to
  untrusted root users on the client, since any root user can simply add
  users to this group)
- you have NFS-shared filesystems that aren't marked nosuid
- the untrusted user on the client has access to run processes on the NFS
  server
- /usr/local/{bin,sbin} are in root's path
- /usr/local/{bin,sbin} are writable by group staff

The last two points are true by default on Debian, but the first three
points are configuration decisions on the part of the NFS server
administrator.  I understand that you have reasons to export shares allowing
suid binaries in your own environment, but then you can also reconfigure
root's path or the permissions on /usr/local/* in that case.

I do agree that root should not have directories in its path by default that
are writable by non-root users; but that is not this bug.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
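
A check for the last two conditions in the list above, added here as an example and not part of the original message: it lists the directories in a PATH value that someone other than root could write to. The name `audit_path` and its `trusted_uid` / `trusted_gids` parameters are assumptions of this example.

```python
import os
import stat


def audit_path(path_value, trusted_uid=0, trusted_gids=(0,)):
    """Return (entry, reason) pairs for PATH entries a non-trusted user can write to.

    trusted_uid / trusted_gids are this example's own parameters; the defaults
    treat only root (uid 0, gid 0) as trusted.
    """
    findings = []
    for entry in path_value.split(os.pathsep):
        # An empty or relative entry resolves against the current directory,
        # which may be anywhere, including a directory someone else controls.
        if not entry or not os.path.isabs(entry):
            findings.append((entry, "relative or empty entry"))
            continue
        try:
            st = os.stat(entry)  # follows symlinks, as command lookup does
        except OSError:
            continue  # missing or unreadable directory: skipped by this check
        if not stat.S_ISDIR(st.st_mode):
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
        elif st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
            # The case from the message: /usr/local/{bin,sbin} writable by
            # group staff while present in root's path.
            findings.append((entry, "writable by gid %d" % st.st_gid))
        elif st.st_uid != trusted_uid:
            findings.append((entry, "owned by uid %d" % st.st_uid))
    return findings


if __name__ == "__main__":
    # Audits the PATH of whoever runs it.
    for entry, reason in audit_path(os.environ.get("PATH", "")):
        print("%-30s %s" % (entry or "(empty)", reason))
```

Run it from a root login shell to audit the PATH that root actually uses.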


