On Fri, 20 Jan 2006, Wouter Verhelst wrote:
> > > /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
> >
> > Doesn't this introduce a local root exploit? A user can easily write
> > their own /tmp/app/1/image file which contains, say, a setuid root bash
> > executable.
>
> Yes, that's exactly what I was afraid of, myself.

user implies noexec, nosuid, and nodev unless overridden by subsequent
options according to the mount(8) manpage.

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
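
Added example, not part of the original message and not mount's own code: a small Python check that evaluates an fstab option list left to right, as the mount(8) behaviour cited above describes, and reports user-mountable entries where suid or dev ends up enabled. The owner/group rules go beyond the thread and follow mount(8); the second and third fstab lines are constructed.

```python
"""Order-sensitive evaluation of fstab mount options, per mount(8)."""

# Options that let non-root users mount, with the flags each one implies.
IMPLIED = {
    "user":  {"exec": False, "suid": False, "dev": False},
    "users": {"exec": False, "suid": False, "dev": False},
    "owner": {"suid": False, "dev": False},
    "group": {"suid": False, "dev": False},
}
# Explicit flags; a later one overrides whatever came before it.
EXPLICIT = {
    "exec": ("exec", True), "noexec": ("exec", False),
    "suid": ("suid", True), "nosuid": ("suid", False),
    "dev": ("dev", True), "nodev": ("dev", False),
}

def effective_flags(options):
    """Walk the option list left to right and return the final flag state."""
    state = {"exec": True, "suid": True, "dev": True}  # mount defaults
    for opt in options.split(","):
        if opt in IMPLIED:
            state.update(IMPLIED[opt])
        elif opt in EXPLICIT:
            name, value = EXPLICIT[opt]
            state[name] = value
    return state

def audit_fstab(text):
    """Return (mountpoint, [flags left enabled]) for user-mountable entries
    where setuid binaries or device nodes would still be honoured."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        if not IMPLIED.keys() & set(fields[3].split(",")):
            continue
        state = effective_flags(fields[3])
        risky = [f for f in ("suid", "dev") if state[f]]
        if risky:
            findings.append((fields[1], risky))
    return findings

# First line is the entry quoted in the thread; the others are constructed.
SAMPLE_FSTAB = """\
/tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
/tmp/app/2/image /tmp/app/2 cramfs,iso9660 user,noauto,ro,loop,exec,suid 0 0
/tmp/app/3/image /tmp/app/3 cramfs,iso9660 suid,user,noauto,ro,loop 0 0
"""

if __name__ == "__main__":
    for mountpoint, risky in audit_fstab(SAMPLE_FSTAB):
        print(f"{mountpoint}: user-mountable with {','.join(risky)} enabled")
```

The entry from the thread is not reported: its trailing exec re-enables execution only, so nosuid and nodev from user still apply.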