© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Message-ID: <20050316191925
Date: Wed, 16 Mar 2005 20:19:25 +0100
From: Bill Allombert <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#299007: base-files: Insecure PATH
On Thu, Mar 17, 2005 at 05:43:19AM +1100, <email address hidden> wrote:
> "Brendan O'Dea" <email address hidden> wrote:
>
> > ... there's more at stake here than just PATH, since perl for example has
> > /usr/local/
> >
> > I'm not sure what the emacs site-lisp search order is, but that may well
> > provide a similar vector.
>
> Thanks for pointing out those avenues of attack.
>
> In your summary you seem to have missed that any machines that share user
> files via writable NFS mounts are vulnerable. (Are vulnerable if you mount
> an NFS filesystem that is writable to others.)
No that is not true. You need to use root_squash for any semblance of
security anyway. In that case you can also use squash_gids to prevent
the attack.
It is a security flaw with NFS rather than with Debian. I can design a
system so that random users can override any files not in group bin.
Will that make it a Debian bug?
Cheers,
--
Bill. <email address hidden>
Imagine a large red swirl here.