Subject: Re: normal user can bypass mount 'noexec' flags
To: None <tech-security@netbsd.org>
From: John Kohl <jtk@kolvir.arlington.ma.us>
List: tech-security
Date: 03/11/1999 17:12:36
>>>>> "JT" == Jason Thorpe <thorpej@nas.nasa.gov> writes:
JT> See my response the the PR (on tech-kern). It should not be limited to
JT> "users". Stacked mounts (nullfs, and the dmfs that Bill Studenmund is
JT> working on) should inherit all appropriate mount flags from the bottom
JT> layer -- dynamically. I.e. if I do a MNT_UPDATE on the bottom layer, the
JT> top (stacked) layer should have its flags updated to match.
Well, you probably want to (in the case of nullfs) consider the flags
both on the mounted-from directory and mounted-on-top-of directory, I
think... if I could copy a binary to a directory, but couldn't execute
it from there, why should mounting atop it give me execute rights?
Perhaps by doing this I can launch a trojan attack somehow...
--
==John Kohl <jtk@kolvir.arlington.ma.us>, <john_kohl@alum.mit.edu>
Write a poem, share your heart!
Home page: <http://people.ne.mediaone.net/jtk/>
Note new home zip code as of July 1, 1998: 02476