Bugtraq mailing list archives
Re: Possible bufferoverflow condition in lpr, xterm and xload
From: juphoff () tarsier cv nrao edu (Jeff Uphoff)
Date: Tue, 13 Aug 1996 16:17:16 -0400
"MA" == Mike Acar <mike () contract kent edu> writes: MA> Speaking of suid binaries, *why* are /bin/mount and /bin/umount suid? MA> These shouldn't be run by anybody but the superuser. Linux supports the concept of user-mountable filesystems (via the option specification "user" in /etc/fstab), allowing non-root users to mount and unmount e.g. removable media like CD-ROM's and floppies. This functionality is obviously not available unless mount/umount are suid root. One thing to note about the "user" option in Linux is that once a user mounts one of these filesystems, *any* non-root user can unmount it (unless it's busy). I wrote a patch, sometime in '93, that tracked what user mounted such an FS and only allowed that user--or root, of course--to unmount said filesystem. I never submitted this patch to the util. maintainers (I used it extensively locally, however), but since it looks like mount/umount are about to get a bit of a rewrite perhaps I should update it and submit it.... --Up. -- Jeff Uphoff - systems/network admin. | juphoff () nrao edu National Radio Astronomy Observatory | juphoff () bofh org uk Charlottesville, VA, USA | jeff.uphoff () linux org PGP key available at: http://www.cv.nrao.edu/~juphoff/
Current thread:
- Re: Possible bufferoverflow condition in lpr, xterm and xload Wolfram Schmidt (Aug 13)
- <Possible follow-ups>
- Re: Possible bufferoverflow condition in lpr, xterm and xload Jeff Uphoff (Aug 13)
- Re: [linux-security] Re: Possible bufferoverflow condition in Mike Jackson (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in Digital Dreamer (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in David DeSimone (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in Vidar Madsen (Aug 15)
- Re: [linux-security] Re: Possible bufferoverflow condition in Shaun Lowry (Aug 16)
- Re: [linux-security] Re: Possible bufferoverflow condition in Mike Jackson (Aug 14)
- The buggy realpath.c Alan Cox (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Nick Andrew (Aug 20)