[1006] in linux-security and linux-alert archive
[linux-security] Re: [linux-alert] Vulnerability in ALL linux distributions
daemon@ATHENA.MIT.EDU (Mr Bjorn Borud)
Wed Aug 14 01:51:04 1996
Date: Tue, 13 Aug 1996 21:31:06 GMT
From: Mr Bjorn Borud <borud@itea.ntnu.no>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <32100972.747E6F33@mymail.com>
Reply-To: borud@itea.ntnu.no
[bloodmask]
|
| Affect: Local users on systems affected can gain overflow mounts syntax
| buffer and execute a shell by overwriting the stack.
|
| Affected binaries:
| (/bin/mount and /bin/umount)
|
| Workaround:
| On all current distributions of Linux remove suid bit of /bin/mount and
| /bin/umount.
| [chmod -s /bin/mount;chmod -s /bin/umount]
why are these suid per default anyway? a better policy for suidness
would be to NOT have anything suid per default if it's just to allow
an optional feature. I cant remember having seen one single machine
running Linux having 'user' as an option on any of it's filesystems.
why not encourage people to use amd instead? or am I missing some
major point here?
| Remarks:
| For gods sake, how many more times are we gonna see this kind of
| problem? It's been with Linux since it's very beggining, and it's
| so easy to exploit. Similiar buffer overflow vulnerabilities have
| been found in Linux distributions many times before, splitvt, dip,
| just to name a few examples.
as long as things are written in C I'm afraid you'll have to expect
this kind of weakness in many programs. it's real easy to miss
potential buffer overruns.
-Bjørn