- Newsgroups: comp.security.misc
- Path: sparky!uunet!mcsun!sun4nl!fwi.uva.nl!janw
- From: janw@fwi.uva.nl (Jan Wortelboer)
- Subject: Re: Setuid script - is this unsecure?
- Message-ID: <1992Nov20.135059.24347@fwi.uva.nl>
- Sender: news@fwi.uva.nl
- Nntp-Posting-Host: mail.fwi.uva.nl
- Organization: FWI, University of Amsterdam
- References: <1992Nov5.071354.24042@kth.se> <AMOSS.92Nov6102549@shuldig.cs.huji.ac.il> <1eg5tmINN9eh@cs.tut.fi>
- Date: Fri, 20 Nov 1992 13:50:59 GMT
- Lines: 34
-
- hmj@cs.tut.fi (J{rvinen Hannu-Matti) writes:
-
- >In article <AMOSS.92Nov6102549@shuldig.cs.huji.ac.il> amoss@shuldig.cs.huji.ac.il (Amos Shapira) writes:
- >>A general suggestion for a programme which will do what you want would be:
- >>
- >>main (ac, av)
- >> int ac;
- >> char **av;
- >>{
- >> execv ("/usr/etc/mount", av);
- >>}
- >>
- >>and have the object of this C programme suid root.
-
- >Equivalent would be that you let anybody execute mount (i.e., set
- >mount suid), which is not reasonable. Also you have to deny suid
- >programs on the floppy, and ensure that there does not exist special
- >devices on the floppy.
-
- >I've written a set of programs (fdmkfs, fdmount, and fdumount) to give
- >users access to the floppy. They are available by anonymous ftp on
- >site cs.tut.fi (130.230.4.2), file pub/src/tut/floppy.shar. Use on
- >your own risk.
-
- Everybody executing mount isn't indeed a good idea:
- How about mount /dev/fd /etc
-
-
- Jan.
- --
- Jan Wortelboer, University of Amsterdam
- Computer Science Department Email: janw@fwi.uva.nl
- Unix Kruislaan 403 Kamer F003 Phone: +31 20 525 7501
- systems manager 1098 SJ AMSTERDAM Fax : +31 20 525 7490
-
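An added example, not part of the original posts: a setuid wrapper that addresses the two objections raised in the thread by ignoring the caller's arguments (so `mount /dev/fd /etc` cannot be requested) and by mounting with setuid bits and device nodes disabled. The device node, mount point, `nosuid,nodev` option string and the function names are assumptions for illustration; only `/usr/etc/mount` comes from the thread.

```c
/* Added example, not code from the thread. FLOPPY_DEV, FLOPPY_DIR and the
 * "nosuid,nodev" option string are assumptions; adjust for the local mount. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MOUNT_BIN  "/usr/etc/mount"   /* path quoted in the thread */
#define FLOPPY_DEV "/dev/fd0"         /* assumed floppy device node */
#define FLOPPY_DIR "/floppy"          /* assumed dedicated mount point */

/* Fixed argument vector: nothing from the caller's argv is copied in,
 * so the user cannot choose the device or the target directory. */
static char *const fixed_argv[] = {
    "mount", "-o", "nosuid,nodev", FLOPPY_DEV, FLOPPY_DIR, NULL
};

/* Fixed environment: the caller's PATH, IFS, LD_* and so on are dropped. */
static char *const fixed_envp[] = { "PATH=/usr/bin:/bin", NULL };

/* Accept only an invocation with no extra arguments; returns 0 if OK. */
int check_args(int argc, char **argv)
{
    (void)argv;                       /* contents are deliberately unused */
    return argc == 1 ? 0 : -1;
}

char *const *wrapper_argv(void) { return fixed_argv; }
char *const *wrapper_envp(void) { return fixed_envp; }

int main(int argc, char **argv)
{
    if (check_args(argc, argv) != 0) {
        fprintf(stderr, "usage: %s (takes no arguments)\n",
                (argc > 0 && argv[0]) ? argv[0] : "floppy-mount");
        return 2;
    }
    execve(MOUNT_BIN, wrapper_argv(), wrapper_envp());
    perror(MOUNT_BIN);                /* reached only if execve failed */
    return 1;
}
```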