oss-sec mailing list archives
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
From: "Dmitry V. Levin" <ldv () altlinux org>
Date: Fri, 4 Mar 2011 05:56:13 +0300
On Thu, Mar 03, 2011 at 09:42:17PM -0500, Dan Rosenberg wrote: [...]
I discovered that essentially every suid mount helper that uses addmntent() (or invokes util-linux mount, which in turn calls addmntent()) to add entries to /etc/mtab fails to anticipate a low value for RLIMIT_FSIZE, allowing unprivileged users to corrupt /etc/mtab and possibly manipulate mountpoint options. Affected software includes at least:
[...]
There are a few possible options
One more option is to replace /etc/mtab regular file with a symlink to /proc/mounts, thus making any /etc/mtab editing unneeded. -- ldv
Attachment:
_bin
Description:
Current thread:
- Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dmitry V. Levin (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 05)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Kees Cook (Mar 05)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Josh Bressers (Mar 07)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dmitry V. Levin (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 15)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger (Mar 22)