Bugtraq mailing list archives

Re: nfs_mount in AIX

From: proff () suburbia apana org au (Julian Assange)
Date: Thu, 27 Apr 1995 13:48:04 +1000 (EST)

Here's a little additional information.....  the nfs_mount routine does its
work through the vmount() system call, which is documented.  If this is a
security hole at all, then it's because it would let an attacker mount a
remote filesystem under his control onto a world-readable directory like

                                                   ^^^^^^^^

/tmp or /var/preserve, and thereby grab a copy of everything that was
written to that directory.  Anybody want to write a test program?


Shouldn't that be writeable?

-Proff

Current thread:

Re: Kerberos availability (Re: NIS) Tim Scanlon (Apr 20)
- Re: Kerberos availability (Re: NIS) Michel Lavondes (Apr 24)
  - Re: Kerberos availability (Re: NIS) Jas (Apr 25)
    - Re: Kerberos availability (Re: NIS) Julian Assange (Apr 26)
  - nfs_mount in AIX rick () msc cornell edu (Apr 25)
    - Re: nfs_mount in AIX Tom Fitzgerald (Apr 25)
    - Re: nfs_mount in AIX rick () msc cornell edu (Apr 26)
    - Re: nfs_mount in AIX Aleph One (Apr 26)
    - Re: nfs_mount in AIX John F. Haugh II (Apr 26)
    - Re: nfs_mount in AIX Julian Assange (Apr 26)
    - CGI script insecurity in NCSA httpd Paul Phillips (Apr 26)
    - Re: CGI script insecurity in NCSA httpd Jeremy Fitzhardinge (Apr 27)
    - sniffers froden () yf-kraft no (Apr 28)
    - Re: your mail Timothy Newsham (Apr 30)
    - sniffers Theodore Alexopoulos (Apr 29)
    - Re: sniffers Jonathan M. Bresler (Apr 29)
    - Re: sniffers Asriel DeCatte (Apr 30)
    - Re: sniffers Asriel DeCatte (Apr 30)
    - Re: sniffers Jas (Apr 30)
    - Re: sniffers Asriel DeCatte (Apr 30)

(Thread continues...)