Bugtraq mailing list archives

Re: [linux-security] Re: Possible bufferoverflow condition in


From: mhjack () tscnet com (Mike Jackson)
Date: Wed, 14 Aug 1996 01:16:20 -0700


On Tue, 13 Aug 1996, Jeff Uphoff wrote:

"MA" == Mike Acar <mike () contract kent edu> writes:

MA> Speaking of suid binaries, *why* are /bin/mount and /bin/umount suid?
MA> These shouldn't be run by anybody but the superuser.

Linux supports the concept of user-mountable filesystems (via the option
specification "user" in /etc/fstab), allowing non-root users to mount
and unmount e.g. removable media like CD-ROM's and floppies.  This
functionality is obviously not available unless mount/umount are suid
root.

        This would be a good candidate for sudo.  As any good sysadmin
will keep telling you...  Disable ALL suid programs that are not
necessary for the normal operation of the system.  If a user needs to
mount filesystems, use sudo to allow the operation as root.

        The same point goes for any other program.  Very few programs
need to actually be suid root.  Most systems are using ppp these days,
rather than slip.  But how many systems still have dip set suid root?!
I'd bet a lot do.

        Check your systems!  Bugs in programs are found every day.
Disable what is not needed.

        If only root mounts on your system, then use mode 700 for that
mount command.

                                        Mike Jackson
                                        TSCNet
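
The "check your systems" advice above can be scripted. The following is an added example, not part of the original post: it lists setuid files under the given directories and reports any that are not on a reviewed allowlist. The function names and the allowlist file (one absolute path per line) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit setuid files against a reviewed allowlist.
# Function names and the allowlist format are assumptions of this example.

# list_suid DIR...: print every regular file under DIR that has the
# setuid bit set, without crossing into other mounted filesystems.
list_suid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null | sort
}

# unexpected_suid ALLOWLIST DIR...: print setuid files that are not
# listed (one absolute path per line) in ALLOWLIST.
unexpected_suid() {
    allow=$1; shift
    # grep exits 1 when nothing is left over; treat that as success.
    list_suid "$@" | { grep -vxFf "$allow" || [ $? -eq 1 ]; }
}

# strip_suid FILE: clear the setuid bit and confirm it is gone.
strip_suid() {
    chmod u-s -- "$1" && [ ! -u "$1" ]
}

# Stand-alone use: script ALLOWLIST DIR...
if [ "$#" -ge 2 ]; then unexpected_suid "$@"; fi
```

Each path it reports is a candidate for `strip_suid`, for mode 700 if only root runs it, or for replacement by a sudo rule as the post suggests.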


