-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Out of the box you need to be root to mount things. Once you have
> root access to a box you don't need silly things like this to crash
> it.
>
> If you've gone out of your way to configure your box in such a way
> that a non-root user can mount arbitrary UFS filesystems then they
> certainly don't need to waste their time with buffer-overflows and
> the like. They can simply mount a filesystem with any number of SUID
> root binaries on it and have their way with the box.
>
> Either way, while it's senseless to argue that the buffer overflows
> don't exist, anyone in a position to actually exploit them doesn't
> need them to be malicious.
I do not quite agree with your analysis.

Firstly, if you set the vfs.usermount sysctl to 1, users can mount any filesystem from a device they have read access to onto any directory they own, _but_ if the user does so, FreeBSD will automatically mount that filesystem nosuid. So the intent is to give a local user the possibility to mount a filesystem without gaining full control over the machine.

Secondly, why would people go out of their way to set that sysctl to 1? I can see this happen in environments where users are not supposed to have full control over their desktop machines, but where they need to transfer data to/from USB flash drives.

Thirdly, while I'm talking about desktop machines, many desktop Linux distributions are configured such that they will _automatically_ mount USB media once those are plugged in (and pop up an icon on the KDE or GNOME desktop). It's only a matter of time until such functionality will be available on FreeBSD (maybe it already is?) and widely used on desktop machines (e.g. on laptops, in Internet cafes), as it seems to be quite user friendly. On such machines an attacker would not even need a local user account.

While one might say that these attack scenarios all require physical access (and we all know that physical access is game over, right ;)), simply plugging in a USB memory device is much more inconspicuous than other "physical" attacks, like rebooting a box into single user mode (which one could additionally secure with a password prompt).

Lutz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFZ1BIDbEkl9DbWrYRApJxAJ9sZu//5ZtoHTeX2YMaLn53n1PN0gCgifcB
Qh6fl46dcLqkLW+9gRrLV3Y=
=6jiY
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
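The message above rests on one property: with vfs.usermount=1, a filesystem mounted by a non-root user is forced nosuid, so the SUID-binaries-on-a-stick scenario from the quoted reply does not apply. An administrator who relies on that property may want to verify it on a running host. The following audit helper is an added example, not code from the thread or from the FreeBSD project. It assumes the mount(8) output format "device on mountpoint (fstype, options, ..., mounted by user)", where the trailing "mounted by" clause marks a user mount; the sample mount lines and user names are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added audit helper (not from the thread): read mount(8)-style lines on stdin
# and print the mount point of every filesystem that was mounted by a non-root
# user ("mounted by <user>") but does NOT carry the nosuid option. With
# vfs.usermount=1 such a line should never appear; if it does, set-uid
# binaries on that user-supplied filesystem would be honoured by the kernel.

# Constructed sample of mount(8) output (assumed format, not a real capture).
SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, journaled soft-updates)
/dev/da0s1 on /home/alice/usb (msdosfs, local, nosuid, mounted by alice)
/dev/da1s1 on /home/bob/stick (ufs, local, mounted by bob)
/dev/da2s1 on /mnt/cd (cd9660, local, read-only)'

# Filter: keep lines that are user mounts and lack nosuid; emit field 3,
# the mount point in "device on mountpoint (...)".
user_mounts_without_nosuid() {
    awk '/mounted by/ && $0 !~ /nosuid/ { print $3 }'
}

# Run the check against the constructed sample; prints "/home/bob/stick".
check_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | user_mounts_without_nosuid
}

# Report the current vfs.usermount value when this runs on a FreeBSD host;
# on other systems the sysctl does not exist and a notice is printed instead.
report_usermount() {
    if command -v sysctl >/dev/null 2>&1 \
       && sysctl -n vfs.usermount >/dev/null 2>&1; then
        printf 'vfs.usermount=%s\n' "$(sysctl -n vfs.usermount)"
    else
        echo 'vfs.usermount: not available on this host'
    fi
}

# Stand-alone run: show the sysctl state and any offending sample mounts.
report_usermount
check_sample
```

On a FreeBSD host the live check is `mount | user_mounts_without_nosuid`; any output is a user mount on which the nosuid guarantee described above does not hold and deserves a look at how it was mounted (for example by root on a user's behalf, which bypasses the automatic flag).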