Bugtraq mailing list archives

Re: [linux-security] Re: Possible bufferoverflow condition in


From: zblaxell () myrus com (Zygo Blaxell)
Date: Wed, 21 Aug 1996 14:13:18 -0400


In article <Pine.LNX.3.91.960815103659.160B-100000 () vega intercom no>,
Vidar Madsen  <BUGTRAQ () NETSPACE ORG> wrote:
[discussion about mount and umount being suid root]
>>         This would be a good candidate for sudo.  As any good sysadmin
>> will keep telling you...  Disable ALL suid programs that are not
>> necessary for the normal operation of the system.  If a user needs to
>> mount filesystems, use sudo to allow the operation as root.

> As far as I can see, the same security flaws would be equally exploitable
> when going through sudo or having the program suid root? After all, the
> exploit in mount/umount goes through the command line, and would therefore
> not be "filtered out" in any way even though one starts it from sudo?

I would imagine that sudo could be configured to run a specific 'mount'
command with arguments, and ignore all arguments and environment variables
supplied by the user.  So there would be a sudo entry for

        mount /dev/fd0 /mnt/floppy -orw,noexec,nosuid,nodev,uid=123,gid=123,umask=002 -v

and another for

        umount /mnt/floppy

This does start getting painful when you consider read-only/read-write
flags, filesystem type, etc. and multiply this by the number of devices
you might want to mount from.  On the other hand, it does promote a
certain amount of minimalism with privileges, which is usually a
good thing.
--
Zygo Blaxell. Unix/soft/hardware guru, was for U of Waterloo CS Club, now for
(name withheld by request). 10th place, ACM Intl Collegiate Programming Contest
Finals, 1994.  Admin Linux/TCP/IP for food, clothing, anime.  Pager: 1 (613)
760 8572.  "I gave up $1000 to avoid working on windoze... *sigh*" - Amy Fong
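
The fixed-argument sudo entries described in the message above, as an added example that is not part of the original post: a shell generator that writes one mount and one umount rule per device and escapes the characters sudoers treats specially in command arguments. The group name `floppyusers`, the `/bin/mount` and `/bin/umount` paths, and the `/dev/cdrom` row are assumptions.

```shell
#!/bin/sh
# Added example: emit fixed-argument sudoers rules from a device table.
# Assumed names (not in the original post): group "floppyusers", the
# /bin/mount and /bin/umount paths, and the constructed /dev/cdrom row.

# Escape the characters sudoers treats specially inside command
# arguments: backslash, comma, colon and equals sign.
sudoers_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/[,:=]/\\&/g'
}

# One mount rule and one umount rule per table row. A rule that lists
# arguments only matches an invocation with exactly those arguments.
emit_rules() {
    group=$1; dev=$2; mnt=$3; opts=$4
    printf '%%%s ALL = (root) /bin/mount %s %s -o%s -v\n' "$group" \
        "$(sudoers_escape "$dev")" "$(sudoers_escape "$mnt")" \
        "$(sudoers_escape "$opts")"
    printf '%%%s ALL = (root) /bin/umount %s\n' "$group" \
        "$(sudoers_escape "$mnt")"
}

generate() {
    # env_reset runs the command in a minimal environment instead of
    # the one supplied by the calling user.
    printf 'Defaults env_reset\n'
    while read -r dev mnt opts; do
        emit_rules floppyusers "$dev" "$mnt" "$opts"
    done <<'EOF'
/dev/fd0 /mnt/floppy rw,noexec,nosuid,nodev,uid=123,gid=123,umask=002
/dev/cdrom /mnt/cdrom ro,noexec,nosuid,nodev
EOF
}

# Print the fragment; check it with "visudo -cf FILE" before installing.
generate
```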


