- Newsgroups: alt.security
- From: shipley@godzilla.tcs.com (Peter Shipley)
- Subject: lofs security bug
- Message-ID: <1991Oct4.214436.18563@tcsi.com>
- Keywords: lofs
- Date: Fri, 4 Oct 1991 21:44:36 GMT
-
-
- Tested under SunOS 4.1 (and 4.1.1)
-
- Files can be deleted from a file system mounted read-only via the
- loopback filesystem.
-
- This can be a security problem if you rely on the loopback filesystem (lofs)
- for protection (for example, if you mount / read-only on /safe_root via lofs
- then chroot guest accounts onto /safe_root).
-
- To repeat: [From memory]
-
- % whoami
- shipley
- % mkdir /tmp/tester
- % cp /etc/motd /tmp/tester/file
- % su
- # mount
- /dev/sd0a on / type 4.2 (rw,nosuid)
- /dev/sd0g on /usr type 4.2 (rw)
- # mkdir /lo
- # mount -t lo -o ro /tmp/tester /lo
- # mount
- /dev/sd0a on / type 4.2 (rw,nosuid)
- /dev/sd0g on /usr type 4.2 (rw)
- /tmp/tester on /lo type 4.2 (rw)
- # suspend
- % cd /lo
- % ls -l file
- -rw-rw-rw- 1 shipley 23 Jun 4 1990 file
- % touch foo
- foo: Read-only file system
- % rm file
- % ls -l file
- file not found
- ls -Fa
- ./ ../
- %
-
- Sun has been notified, the bugid is: 1053782
-
- Workaround: Don't use the loopback filesystem for
- file deletion/modification protection.
-
-
-
-
- --
- Pete Shipley:
- email: shipley@berkeley.edu Flames: cimarron@postgres.berkeley.edu
- uunet!lurnix!shipley or ucbvax!shipley or shipley@tcs.com
- Spelling corections: /dev/null Quote: "Anger is an energy"
-
-
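
A check for the failure mode shown in the post, where the read-only view refuses `touch` but still lets `rm` through. This is an added example, not part of the original post: the function name `ro_audit`, the `RO_LEAKS` variable and the canary file names are assumptions, it targets a current POSIX shell rather than the SunOS 4.1 csh session above, and it goes beyond the two operations in the post to cover rename, chmod, append and rmdir as well.

```shell
#!/bin/sh
# ro_audit BACKING VIEW   (added example; all names here are assumptions)
#   BACKING  writable path of the directory       (/tmp/tester in the post)
#   VIEW     same directory via the ro mount      (/lo in the post)
# Plants canaries through BACKING, attempts each mutating operation through
# VIEW, then inspects BACKING to see what really changed. Sets RO_LEAKS to the
# operations that were not refused. Returns 0 if none, 1 if any, 2 on setup error.
ro_audit() {
    backing=$1; view=$2; t="ro_audit.$$"
    RO_LEAKS=""
    # One canary per operation, so one success cannot mask another.
    for op in unlink rename chmod append; do
        echo canary > "$backing/$t.$op" || return 2
        chmod 644 "$backing/$t.$op" || return 2
    done
    mkdir "$backing/$t.dir" || return 2

    {
        touch "$view/$t.create" || :          # "touch foo": refused in the post
        rm -f "$view/$t.unlink" || :          # "rm file": went through in the post
        mv "$view/$t.rename" "$view/$t.moved" || :
        chmod 600 "$view/$t.chmod" || :
        echo more >> "$view/$t.append" || :
        rmdir "$view/$t.dir" || :
    } 2>/dev/null

    # Judge by the effect on the backing directory, not by exit status.
    [ -e "$backing/$t.create" ] && RO_LEAKS="$RO_LEAKS create"
    [ -e "$backing/$t.unlink" ] || RO_LEAKS="$RO_LEAKS unlink"
    [ -e "$backing/$t.rename" ] || RO_LEAKS="$RO_LEAKS rename"
    [ "$(ls -ld "$backing/$t.chmod" | cut -c1-10)" = "-rw-r--r--" ] ||
        RO_LEAKS="$RO_LEAKS chmod"
    [ "$(cat "$backing/$t.append")" = canary ] || RO_LEAKS="$RO_LEAKS append"
    [ -d "$backing/$t.dir" ] || RO_LEAKS="$RO_LEAKS rmdir"

    rm -rf "$backing/$t."* 2>/dev/null || :
    RO_LEAKS=${RO_LEAKS# }
    [ -z "$RO_LEAKS" ]
}
```

Called as `ro_audit /tmp/tester /lo` on a mount you administer, a result of `RO_LEAKS="unlink"` would correspond to the behaviour recorded in the session above.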