Bugtraq mailing list archives

automountd and Solaris

From: garrett () hightop nrl navy mil (Brian S. Garrett)
Date: Thu, 5 May 94 16:03:06 EDT


Jim Thompson said:
| I'd bet that it doesn't mount the floppy (or CD) nosuid, so the
| cracker can simply make-up a floppy with a filesystem containing
| a passwordless version of 'su'.
| 
| but I'm just guessing.
| 
| Jim


That's it.
I tested it and it works.....
Create a Suid shell and mount it on the filesystem.
A temporary fix is to disable the automountd.

Good call, Jim.


-Brian


-- 
----------------------------------------------------------------------------
Brian S. Garrett           | Excellence can be attained if you...
ADP Security               |   Care more than others think is wise...
Naval Research Laboratory  |     Risk more than others think is safe...
Washington, DC             |       Dream more than others think is practical...
Brian.Garrett () nrl navy mil |         Expect more than others think is possible.
----------------------------------------------------------------------------

Current thread:

RSA Broken? Carl Corey (May 04)
- Re: RSA Broken? Perry E. Metzger (May 04)
- rsa broken summary. Carl Corey (May 04)
- automountd and Solaris 2.3 Richard Huddleston (May 05)
  - automountd and Solaris Brian S. Garrett (May 05)
  - Re: automountd and Solaris 2.3 Daniel R Ehrlich (May 05)