Vulnerability Development mailing list archives

Re: volcheck and sol 8


From: dim () XS4ALL NL (Dimitry Andric)
Date: Thu, 20 Jul 2000 21:59:57 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2000-07-18 at 13:35 Matthew Potter wrote:

> So what happens if I make my own CD with a little shell script which
> calls a prebuilt binary with a setuid and setgid 0, then
> system("/bin/sh").... or whatever I want. This is DEFAULT behavior.
> I am sure you would disable it from running in vold.conf.

Of course, CDs should always be mounted nosuid, nodev, and maybe
even noexec if you are really paranoid. Note that these are Linux/BSD
options; I sincerely hope that Solaris has these too... ;-)

Cheers,
- --
Dimitry Andric <dim () xs4all nl>
PGP key: http://www.xs4all.nl/~dim/dim.asc
KeyID: 4096/1024-0x2E2096A3
Fingerprint: 7AB4 62D2 CE35 FC6D 4239 4FCD B05E A30A 2E20 96A3

-----BEGIN PGP SIGNATURE-----
Version: Encrypted with PGP Plugin for Calypso
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm

iQA/AwUBOXdMLbBeowouIJajEQI7PQCghPme52ScT0JIcFezpPC25HTgG/gAn23U
c7E/ThijSvz+wrDXUiKel1yJ
=rgwY
-----END PGP SIGNATURE-----
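
One way to check for the mount options recommended in the reply above, as an added example that is not part of the original post: a shell function that reads a mount table in Linux /proc/mounts format and reports CD/DVD filesystems mounted without nosuid or nodev. The function name, the choice of iso9660 and udf as the filesystem types to audit, and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit optical-media mounts for missing nosuid/nodev.
# Input (stdin) uses the Linux /proc/mounts layout:
#   device mountpoint fstype options dump pass
# Mount points containing spaces appear there as \040; read -r keeps them intact.

# audit_mounts [strict]
#   Prints one line per iso9660/udf mount lacking a required option.
#   With the argument "strict", noexec is required as well.
audit_mounts() {
    required="nosuid nodev"
    if [ "${1:-}" = "strict" ]; then
        required="$required noexec"
    fi
    while read -r dev mnt fstype opts _rest; do
        case "$fstype" in
            iso9660|udf) ;;      # filesystems used on CDs and DVDs (assumption)
            *) continue ;;
        esac
        missing=""
        for opt in $required; do
            # Wrap in commas so "nosuid" only matches a whole option.
            case ",$opts," in
                *",$opt,"*) ;;
                *) missing="${missing:+$missing,}$opt" ;;
            esac
        done
        if [ -n "$missing" ]; then
            printf '%s (%s on %s): missing %s\n' "$mnt" "$fstype" "$dev" "$missing"
        fi
    done
    return 0
}

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sr0 /media/cdrom0 iso9660 ro,nosuid,nodev,relatime 0 0
/dev/sr1 /mnt/cd iso9660 ro,relatime 0 0
/dev/sr2 /mnt/dvd udf ro,nodev,relatime 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
# On a live Linux host: audit_mounts < /proc/mounts
```
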

