[1634] in bugtraq
Re: nfs_mount in AIX
daemon@ATHENA.MIT.EDU (Julian Assange)
Sat Apr 29 00:12:08 1995
From: Julian Assange <proff@suburbia.apana.org.au>
To: fitz@wang.com (Tom Fitzgerald)
Date: Thu, 27 Apr 1995 13:48:04 +1000 (EST)
Cc: bugtraq@fc.net
In-Reply-To: <199504260115.AA06504@fnord.wang.com> from "Tom Fitzgerald" at Apr 25, 95 09:15:58 pm
> Here's a little additional information..... the nfs_mount routine does its
> work through the vmount() system call, which is documented. If this is a
> security hole at all, then it's because it would let an attacker mount a
> remote filesystem under his control onto a world-readable directory like
^^^^^^^^
> /tmp or /var/preserve, and thereby grab a copy of everything that was
> written to that directory. Anybody want to write a test program?
Shouldn't that be writeable?
-Proff
