Comment 33 for bug 13795
Revision history for this message
|
|
#33 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
On Thu, Mar 17, 2005 at 05:43:19AM +1100, <email address hidden> wrote:
> "Brendan O'Dea" <email address hidden> wrote:
>
> > ... there's more at stake here than just PATH, since perl for example has
> > /usr/local/
> >
> > I'm not sure what the emacs site-lisp search order is, but that may well
> > provide a similar vector.
>
> Thanks for pointing out those avenues of attack.
>
> In your summary you seem to have missed that any machines that share user
> files via writable NFS mounts are vulnerable. (Are vulnerable if you mount
> an NFS filesystem that is writable to others.)
No that is not true. You need to use root_squash for any semblance of
security anyway. In that case you can also use squash_gids to prevent
the attack.
It is a security flaw with NFS rather than with Debian. I can design a
system so that random users can override any files not in group bin.
Will that make it a Debian bug?
Cheers,
--
Bill. <email address hidden>
Imagine a large red swirl here.