A little while ago I wrote:
> (A partial solution would be to mount nosuid. Another part would require a
> squash-gid-on-mount option: mount has no such options for NFS, though has
> similar options for some other filesystems; there are also uid/gid mapping
> options for NFS exports.)
Re-reading,
>>[...] I wonder about group tty.
>
> Group tty exists to support write(1), wall(1) and similar. Terminals
> are writable by group tty when mesg is "y" (default for non-root users).
We have write(1) and wall(1) setgid tty (and not setuid root) because we do
not trust them. Should audit the sourc
Manoj Srivastava <[EMAIL PROTECTED]> wrote:
>> Sorry, but that is not the issue. The attacked machine would not be
>> an exporter, but a mounter of user files.
>
> Umm. The exporter is the one that got attacked, since it has
> the data. every other user that mounts the file system is colla
On Sun, Mar 20, 2005 at 11:21:07AM +1100, [EMAIL PROTECTED] wrote:
>[...] I wonder about group tty.
Group tty exists to support write(1), wall(1) and similar. Terminals
are writable by group tty when mesg is "y" (default for non-root users).
--bod
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
4 matches
Mail list logo
