Bugtraq mailing list archives

Re: [linux-security] Re: Possible bufferoverflow condition in


From: shaunl () march co uk (Shaun Lowry)
Date: Fri, 16 Aug 1996 09:28:53 +0100


Vidar Madsen <vidar () intercom no> writes:
[discussion about mount and umount being suid root]

        This would be a good candidate for sudo.  As any good sysadmin
will keep telling you...  Disable ALL suid programs that are not
necessary for the normal operation of the system.  If a user needs to
mount filesystems, use sudo to allow the operation as root.

As far as I can see, the same security flaws would be equally exploitable
when going through sudo or having the program suid root? After all, the
exploit in mount/umount goes through the command line, and would therefore
not be "filtered out" in any way even though one starts it from sudo?

Precisely why we need something more fine-grained than suid.  A good example
has been set in the form of the SVR4.2 privilege mechanism, which allows
nominated executables restricted access to administration functions.  A good
example (bearing in mind recent discussions on this list) is ping.  Ping is
not suid root by default on SVR4.2 systems, but it is explicitly allowed to
bind privileged ports in order to perform its function when executed by
non-root users.

I sincerely hope that this makes it through the current round of SCO/HP
UNIX revamps, along with HPUX's ACLs and some sort of user-oriented
privilege granting mechanism like the various methods being discussed on
Access Control.

        Shaun.

--
Shaun Lowry           | March Systems Ltd.,           http://www.march.co.uk/
PGP Key available     | 14 Brewery Court, High St.,
from key servers or   | Theale, UK. RG7 5AJ
via e-mail on request | +44 118 930 4224


