[900] in linux-security and linux-alert archive


Re: [linux-security] Re: You wouldn't believe it...

daemon@ATHENA.MIT.EDU (velcro@pobox.com)
Fri Jul 12 11:37:54 1996

To: jhenders@bogon.com
Date: Wed, 10 Jul 1996 21:36:22 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <E0ue6CB-00013a-00@stdismas.bogon.com> from "John Henders" at Jul 10, 96 01:49:15 pm
From: velcro@pobox.com
Reply-To: velcro@pobox.com

jhenders@bogon.com:

> Jon Lewis writes:
> 
> > [tmp]
> >    comment = Temporary file space
> >    path = /tmp
> >    read only = no
> >    public = yes
> > 
> > On a small box such as this one, where the root fs is _the_ fs, a world 
> > writable (no account needed) exported directory could be a very bad thing.
> 
> Only if there's a bug in samba that allows you to get out of the
> directory that is exported, as there was with the NT implementation.

Exporting /tmp rw is always scary, especially when you don't have root
squash or somesuch enabled.


> The problem is even worse when installing a whole distribution, as in my
> experience, no one sticks around to watch the messages printed on a
> large install. Perhaps if the installers had info sheets for each
> package, on a bulk install they could save them all to disk and then
> mail the whole thing to root after installation.

Fantastic idea.  Pretty please, redhat.com?


--
Dan D'Ambrosio
velcro@pobox.com
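
The [tmp] share quoted in this message is writable without an account because `public = yes` and `read only = no` are set together. The following Python check is an added example, not part of the original message: it finds such shares in smb.conf text, assuming Samba's defaults (guest ok = no, read only = yes) and its parameter synonyms. The function names and the [docs] and [scratch] shares are constructed for illustration.

```python
# Samba synonyms: "public" = "guest ok"; writable/writeable/write ok invert "read only".
GUEST_KEYS = {"guest ok", "public"}
WRITABLE_KEYS = {"writable", "writeable", "write ok"}
BOOLS = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}

# Constructed sample; [tmp] is the share quoted in the message above.
SAMPLE = """
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes
[docs]
   path = /srv/docs
   public = yes
[scratch]
   path = /srv/scratch
   Writeable = Yes
"""

def parse_shares(text):
    """Map each section name to the guest/read_only/path settings it sets."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key, flag = " ".join(key.lower().split()), BOOLS.get(value.lower())
            if key == "path":
                current["path"] = value
            elif flag is not None and key in GUEST_KEYS:
                current["guest"] = flag
            elif flag is not None and key == "read only":
                current["read_only"] = flag
            elif flag is not None and key in WRITABLE_KEYS:
                current["read_only"] = not flag
    return shares

def guest_writable(text):
    """Return (share, path) pairs that accept writes without an account."""
    shares = parse_shares(text)
    # Samba defaults (guest ok = no, read only = yes), overridden by [global].
    defaults = {"guest": False, "read_only": True, "path": "", **shares.pop("global", {})}
    merged = {name: {**defaults, **opts} for name, opts in shares.items()}
    return [(n, s["path"]) for n, s in merged.items() if s["guest"] and not s["read_only"]]
```

On the sample, only [tmp] is reported; a `public = yes` line in [global] would also expose [scratch], since shares inherit the global default.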
