Bugtraq mailing list archives
Bug in Linux Mount
From: jajcus () ZEUS POLSL GLIWICE PL (Jacek Konieczny)
Date: Tue, 20 Apr 1999 17:58:07 +0200
Hi, While mounting a CD-ROM from some magazine I have found a bug in linux kernel or mount program. My /etc/fstab contains: /dev/cdrom /mnt/cdrom iso9660 user,noauto,ro,noexec,check=relaxed 0 0 /dev/cdrom is: brw-r--r-- 1 root root 22, 0 cze 1 1998 /dev/cdrom /mnt/cdrom is: drwxr-xr-x 2 root root 1024 gru 29 1997 /mnt/cdrom When mounting cdrom as normal user: [jacek@koniu jacek]$mount -v /mnt/cdrom /dev/cdrom on /mnt/cdrom type iso9660 (ro,noexec,nosuid,nodev,check=relaxed) But: [jacek@koniu jacek]$ls -l /mnt/cdrom/index.htm -r-xr-xr-x 1 root root 869 lis 15 1997 /mnt/cdrom/index.htm As you can see the file (and all other files on the CD) have all execute bit set, although filesystem is mounted by user and with "noexec". I am not sure what type of filesystem it is, probably some kind of Joliet, but this means that one can prepare a CDROM so it can start programs from it even on system he isn't supposed to do so. [jacek@koniu jacek]$uname -r 2.2.5 [jacek@koniu jacek]$rpm -q mount mount-2.7l-3 Greets, Jacek -- +---------+--------------------------------------------------------+ ! , ! Jacek Konieczny, Gliwice, Poland ! ! Jajcus ! email: jajcus () zeus polsl gliwice pl, jacek () kde org ! ! ! ICQ# 7149127 WWW: none (yet) ! +---------+--------------------------------------powered-by-Linux--+
Current thread:
- Re: Plain text passwords--necessary, (continued)
- Re: Plain text passwords--necessary Daniel Alex Finkelstein (Apr 19)
- AOL Instant Messenger URL Crash Adam Brown (Apr 19)
- Re: AOL Instant Messenger URL Crash Daniel Reed (Apr 20)
- Shopping Carts exposing CC data Joe (Apr 19)
- Re: Shopping Carts exposing CC data Joe (Apr 20)
- Outlook 98 allows spoofing internal users Nate Lawson (Apr 20)
- Re: Outlook 98 allows spoofing internal users Peter van Dijk (Apr 25)
- Re: Shopping Carts exposing CC data Louis R. Marascio (Apr 20)
- eBay password stealing with JavaScript Michael K. Sanders (Apr 20)
- Re: eBay password stealing with JavaScript Paul Festa (Apr 21)
- Bug in Linux Mount Jacek Konieczny (Apr 20)
- Re: Bug in Linux Mount Meelis Roos (Apr 20)
- Re: Plain text passwords--necessary Tom Perrine (Apr 20)