[1006] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: [linux-alert] Vulnerability in ALL linux distributions

daemon@ATHENA.MIT.EDU (Mr Bjorn Borud)
Wed Aug 14 01:51:04 1996

Date: Tue, 13 Aug 1996 21:31:06 GMT
From: Mr Bjorn Borud <borud@itea.ntnu.no>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <32100972.747E6F33@mymail.com>
Reply-To: borud@itea.ntnu.no

[bloodmask]
| 
| Affect: Local users on systems affected can gain overflow mounts syntax 
| buffer and execute a shell by overwriting the stack.
| 
| Affected binaries:
| (/bin/mount and /bin/umount)
| 
| Workaround:
| On all current distributions of Linux remove suid bit of /bin/mount and 
| /bin/umount. 
| [chmod -s /bin/mount;chmod -s /bin/umount]

why are these suid per default anyway?  a better policy for suidness
would be to NOT have anything suid per default if it's just to allow
an optional feature.  I cant remember having seen one single machine
running Linux having 'user' as an option on any of it's filesystems.

why not encourage people to use amd instead?  or am I missing some
major point here?

| Remarks:
| For gods sake, how many more times are we gonna see this kind of
| problem?  It's been with Linux since it's very beggining, and it's
| so easy to exploit. Similiar buffer overflow vulnerabilities have
| been found in Linux distributions many times before, splitvt, dip,
| just to name a few examples.

as long as things are written in C I'm afraid you'll have to expect
this kind of weakness in many programs.  it's real easy to miss
potential buffer overruns.

-Bjørn

home help back first fref pref prev next nref lref last post