On Thu, Mar 17, 2005 at 05:43:19AM +1100, [EMAIL PROTECTED] wrote:
> "Brendan O'Dea" <[EMAIL PROTECTED]> wrote:
>
> > ... there's more at stake here than just PATH, since perl for example has
> > /usr/local/{lib,share}/perl earlier in @INC than /usr/{lib,share}/perl...
> >
> > I'm not sure what the emacs site-lisp search order is, but that may well
> > provide a similar vector.
>
> Thanks for pointing out those avenues of attack.
>
> In your summary you seem to have missed that any machines that share user
> files via writable NFS mounts are vulnerable. (Are vulnerable if you mount
> an NFS filesystem that is writable to others.)
No that is not true. You need to use root_squash for any semblance of
security anyway. In that case you can also use squash_gids to prevent
the attack.
It is a security flaw with NFS rather than with Debian. I can design a
system so that random users can override any files not in group bin.
Will that make it a Debian bug?
Cheers,
--
Bill. <[EMAIL PROTECTED]>
Imagine a large red swirl here.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
