Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-21 Thread Henrique de Moraes Holschuh
On Fri, 20 Jan 2006, Bernhard R. Link wrote:
> * Peter Palfrader <[EMAIL PROTECTED]> [060120 13:31]:
> > user implies noexec, nosuid, and nodev unless overridden by subsequent
> > options according to the mount(8) manpage.
>
> Please always keep in mind that this only reduces the chance, but still

Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-20 Thread Bernhard R. Link
* Peter Palfrader <[EMAIL PROTECTED]> [060120 13:31]:
> user implies noexec, nosuid, and nodev unless overridden by subsequent
> options according to the mount(8) manpage.

Please always keep in mind that this only reduces the chance, but still keeps the possibility for holes open. (Like noexec cou

Re: Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-20 Thread Kurt Pfeifle
Wouter Verhelst wrote on debian-devel@lists.debian.org:
> [Re-adding Cc to Kurt, as he's mentioned he isn't subscribed]
>
> On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote:
> > Kurt Pfeifle wrote:
> > > The klik client installation needs root privileges once, to add 7 lines
> > > li

Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-20 Thread Peter Palfrader
On Fri, 20 Jan 2006, Wouter Verhelst wrote:
> > > /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
> >
> > Doesn't this introduce a local root exploit? A user can easily write
> > their own /tmp/app/1/image file which contains, say, a setuid root bash
> > executable.
>

Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Wouter Verhelst
[Re-adding Cc to Kurt, as he's mentioned he isn't subscribed]

On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote:
> Kurt Pfeifle wrote:
>
> > > On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote:
> > > > And third, klik doesn't really "install". It brings exactly 1 addition

Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Cameron Patrick
Kurt Pfeifle wrote:

> > On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote:
> > > And third, klik doesn't really "install". It brings exactly 1 additional
> > > file (the *.cmg) onto the system. It works with "user only" privileges.
> >
> > Hang on. You loop-mount with user-only privileg

Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Kurt Pfeifle
> On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote:
> > And third, klik doesn't really "install". It brings exactly 1 additional
> > file (the *.cmg) onto the system. It works with "user only" privileges.
>
> Hang on. You loop-mount with user-only privileges? How?

The klik client insta

Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Wouter Verhelst
On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote:
> And third, klik doesn't really "install". It brings exactly 1 additional
> file (the *.cmg) onto the system. It works with "user only" privileges.

Hang on. You loop-mount with user-only privileges? How?

--
.../ -/ ---/ .--./ / .--/