Bugtraq mailing list archives
Possible problem of AIX mount
From: b811043 () MATH NTU EDU TW (Weizen)
Date: Tue, 22 Apr 1997 09:32:41 +0800
I have access to a group of AIX 4.systems ,which has suid root mount. IF you try to mount a NFS file system,it will tell you "Only root or member of system group can NFS mount/umount".In the AIX I can access,nuucp is a member of system group(maybe by default).i.e nuucp can mount /umount an NFS contain suid root shell and then become root! Since nuucp's is not 0,in some case,it is easier to get nuucp access then to get a root access. In the group of AIX computers I can use,if I cracked root on one of NFS client , I can easily execute program on NFS server remotely with euid nuucp to create a .forward for nuucp on NFS server,and then do a NFS mount,then become superuser of NFS server. It is not a big problem,but still not a good idea to allow to many account have power to NFS mount.
Current thread:
- Possible problem of AIX mount Weizen (Apr 21)