[4312] in bugtraq
Possible problem of AIX mount
daemon@ATHENA.MIT.EDU (Weizen)
Tue Apr 22 00:39:59 1997
Date: Tue, 22 Apr 1997 09:32:41 +0800
Reply-To: Weizen <b811043@MATH.NTU.EDU.TW>
From: Weizen <b811043@MATH.NTU.EDU.TW>
To: BUGTRAQ@NETSPACE.ORG
I have access to a group of AIX 4.systems ,which has suid root mount.
IF you try to mount a NFS file system,it will tell you "Only root or
member of system group can NFS mount/umount".In the AIX I can
access,nuucp is a member of system group(maybe by default).i.e nuucp can
mount /umount an NFS contain suid root shell and then become root!
Since nuucp's is not 0,in some case,it is easier to get nuucp access
then to get a root access.
In the group of AIX computers I can use,if I cracked root on one of NFS client
, I can easily execute program on NFS server remotely with euid nuucp
to create a .forward for nuucp on NFS server,and then do
a NFS mount,then become superuser of NFS server.
It is not a big problem,but still not a good idea to allow to many
account have power to NFS mount.
