Vulnerability Development mailing list archives

Re: volcheck and sol 8

From: "Sarel J. Botha" <sjbotha () EMAIL COM>
Date: Sat, 22 Jul 2000 22:42:26 +0200

On Fri, Jul 21, 2000 at 05:45:30PM +0200, Michel Arboi wrote:

"DA" == Dimitry Andric <dim () XS4ALL NL> writes:


    DA> Of course, CD's should always be mounted nosuid, nodev, and
    DA> maybe even noexec if you are really paranoid.

Is this a real protection?
If you send a malicious script (shell script, Perl scrit,
whatever...), I suspect that _read_ access is enough to run it.


It depends on how the autorun command is run. I'm guessing it's being run
using exec(), which means that the above would make it safe, because exec()
won't execute a non-executable file, right?

--
------------------
Sarel Botha
sjbotha () email com
------------------

99 little bugs in the code, 99 bugs in the code,
          fix one bug, compile it again...
          101 little bugs in the code....

Current thread:

Re: volcheck and sol 8 Dimitry Andric (Jul 20)
- <Possible follow-ups>
- Re: volcheck and sol 8 Michel Arboi (Jul 20)
  - Re: volcheck and sol 8 Matthew Potter (Jul 20)
- Re: volcheck and sol 8 Marius Banica (Jul 20)
- Re: volcheck and sol 8 Jeffrey Karpenko (Jul 21)
- Re: volcheck and sol 8 Havens, Peter (Jul 21)
- Re: volcheck and sol 8 Michel Arboi (Jul 21)
  - Re: volcheck and sol 8 Sarel J. Botha (Jul 23)
  - Re: volcheck and sol 8 Brian Scanlan (Jul 24)