[3145] in bugtraq
Re: Possible bufferoverflow condition in lpr, xterm and xload
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Tue Aug 13 19:34:08 1996
Date: Tue, 13 Aug 1996 16:17:16 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of Tue, August 13, 1996 09:25:03 -0400
"MA" == Mike Acar <mike@contract.kent.edu> writes:
MA> Speaking of suid binaries, *why* are /bin/mount and /bin/umount suid?
MA> These shouldn't be run by anybody but the superuser.
Linux supports the concept of user-mountable filesystems (via the option
specification "user" in /etc/fstab), allowing non-root users to mount
and unmount e.g. removable media like CD-ROM's and floppies. This
functionality is obviously not available unless mount/umount are suid
root.
One thing to note about the "user" option in Linux is that once a user
mounts one of these filesystems, *any* non-root user can unmount it
(unless it's busy).
I wrote a patch, sometime in '93, that tracked what user mounted such an
FS and only allowed that user--or root, of course--to unmount said
filesystem. I never submitted this patch to the util. maintainers (I
used it extensively locally, however), but since it looks like
mount/umount are about to get a bit of a rewrite perhaps I should update
it and submit it....
--Up.
--
Jeff Uphoff - systems/network admin. | juphoff@nrao.edu
National Radio Astronomy Observatory | juphoff@bofh.org.uk
Charlottesville, VA, USA | jeff.uphoff@linux.org
PGP key available at: http://www.cv.nrao.edu/~juphoff/
