NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/54947: chroot mount file systems leak the actual path in superblock



The following reply was made to PR kern/54947; it has been noted by GNATS.

From: Paul Goyette <paul%whooppee.com@localhost>
To: coypu%sdf.org@localhost
Cc: gnats-bugs%netbsd.org@localhost
Subject: Re: kern/54947: chroot mount file systems leak the actual path in
 superblock
Date: Sun, 9 Feb 2020 08:53:22 -0800 (PST)

 On Sun, 9 Feb 2020, coypu%sdf.org@localhost wrote:
 
 > It's worth noting that if you can mount a filesystem, you can likely
 > perform raw writes to the underlying block.
 >
 > e.g. write malicious.kmod somewhere in /stand, and open a matching
 > device in /dev, causing your malicious module to be loaded.
 
 Unless you are already root, you won't be able to install the module
 in /stand/$ARCH/$VERSION/modules/malicious/malicious.kmod (the default
 permissions for ..../modules is 0755)
 
 If you are already root, all bets are off anyway.
 
 
 +--------------------+--------------------------+-----------------------+
 | Paul Goyette       | PGP Key fingerprint:     | E-mail addresses:     |
 | (Retired)          | FA29 0E3B 35AF E8AE 6651 | paul%whooppee.com@localhost     |
 | Software Developer | 0786 F758 55DE 53BA 7731 | pgoyette%netbsd.org@localhost   |
 +--------------------+--------------------------+-----------------------+
 


Home | Main Index | Thread Index | Old Index