Bugtraq mailing list archives
Re: nfs_mount in AIX
From: ccaaand () ucl ac uk (Andrew Dawson)
Date: Thu, 27 Apr 1995 09:04:53 +0100
I don't have access to AIX, so I can't read the vmount() docs, so this may be a non-issue...but unless it enforces "nosuid,nodev" for non-root mounts, there are much greater problems - like someone mounting a filesystem providing suid executables, or device special files with permissive mode bits.
According to the vmount() documentation in Info-Explorer here (AIX 3.2.5): "A mount to a directory or a file can be issued if the user has both of the following: - Search permission to the directory or file to mount - Search and write permission to the directory or file to mount over. To mount a block device, remote file, or remote directory, the calling process must also have root user authority."
(Note that if, as the first message implies, vmount() allows the mounting of a daemon on a directory, then these executables and/or special files do not have to actually exist anywhere; root access on another machine is not needed.)
I'm not sure I understand exactly what you mean by "mounting of a daemon on a directory", but it sounds like what IBM would refer to as writing your own "virtual file system helper". In AIX, entries for these have to be added to /etc/vfs, which shouldn't be writeable by normal users. Andrew. -- +-----------------------------------------------------------------------------+ | Andrew Dawson, Systems Integration Section, Operating Systems Group | | Information Systems Division, University College London | +-----------------------------------------------------------------------------+
Current thread:
- Re: nfs_mount in AIX der Mouse (Apr 26)
- <Possible follow-ups>
- Re: nfs_mount in AIX Quentin Fennessy (Apr 26)
- Re: nfs_mount in AIX Asriel DeCatte (Apr 30)
- Re: nfs_mount in AIX Andrew Dawson (Apr 27)