Bugtraq mailing list archives
automountd and Solaris
From: garrett () hightop nrl navy mil (Brian S. Garrett)
Date: Thu, 5 May 94 16:03:06 EDT
Jim Thompson said: | I'd bet that it doesn't mount the floppy (or CD) nosuid, so the | cracker can simply make-up a floppy with a filesystem containing | a passwordless version of 'su'. | | but I'm just guessing. | | Jim That's it. I tested it and it works..... Create a Suid shell and mount it on the filesystem. A temporary fix is to disable the automountd. Good call, Jim. -Brian -- ---------------------------------------------------------------------------- Brian S. Garrett | Excellence can be attained if you... ADP Security | Care more than others think is wise... Naval Research Laboratory | Risk more than others think is safe... Washington, DC | Dream more than others think is practical... Brian.Garrett () nrl navy mil | Expect more than others think is possible. ----------------------------------------------------------------------------
Current thread:
- RSA Broken? Carl Corey (May 04)
- Re: RSA Broken? Perry E. Metzger (May 04)
- rsa broken summary. Carl Corey (May 04)
- automountd and Solaris 2.3 Richard Huddleston (May 05)
- automountd and Solaris Brian S. Garrett (May 05)
- Re: automountd and Solaris 2.3 Daniel R Ehrlich (May 05)