Bugtraq mailing list archives
SunOS 5.7 rmmount, no nosuid.
From: yes () ALLEVIL CAMPUS LUTH SE (Jonas Stahre)
Date: Mon, 10 May 1999 09:14:12 +0200
The man-page for rmmount under SunOS 5.7 says: File systems mounted by rmmount are always mounted with the nosuid flag set, thereby disabling set-uid programs and access to block or character devices in that file system. ...this is unfortunately wrong. All you have to do to get root-privileges is to insert a floppy/cdrom with a setuid shell and a volcheck and an evil grin later you have a root prompt. There is a workaround that fix the problem, just add these lines to your /etc/rmmount.conf: mount hsfs -o nosuid mount ufs -o nosuid (I've also heard that using a SunOS 5.6 rmmount binary would fix the problem, but I haven't tried it myself.) I have only tested this on Ultra5 with floppies on SunOS 5.7, but I am pretty sure it works on all SunOS 5.7 machines (with floppy and/or cdrom). /Jonas Stahre PS. Yes, I've talked to Sun about this some time ago. So I have gone through the proper channels. PPS. My signature says "/bin/sh" NOT "/bin/bash", ok? #!/bin/sh -- # set i=echo;set I='u[Cu[Cu[C';set l="tr u \033";$L .-. clear;cat $0;cat $0|sed '/D/d;s/L.*$/l/;s/.*# //;s/1/;71H/g'|csh -f;[ V ] # while 2;$i "u[31/$I\u[21 $I "|$l;$i "u[31 $I u[21_${I}_"|$L (( )) # end;$i "u[31 $I u[21\$I/"|$l;$i "u[21_${I}_"|$L -yes () ludd luth se- ^ ^
Current thread:
- Infosec.19990305.macof.a ian.vitek () INFOSEC SE (May 05)
- Re: Infosec.19990305.macof.a Emil Isberg (May 06)
- Re: Infosec.19990305.macof.a David Maxwell (May 06)
- <Possible follow-ups>
- Re: Infosec.19990305.macof.a Glen Turner (May 06)
- Re: Infosec.19990305.macof.a Alan Cox (May 07)
- Re: Infosec.19990305.macof.a Greg A. Woods (May 08)
- Re: Infosec.19990305.macof.a Alan Cox (May 09)
- OpenLinux 2.2: LISA install leaves root access without password Andrew McRory (May 08)
- Re: [linux-security] OpenLinux 2.2: LISA install leaves root Ralf Flaxa (May 09)
- SunOS 5.7 rmmount, no nosuid. Jonas Stahre (May 10)
- Re: SunOS 5.7 rmmount, no nosuid. C.J. Oster (May 10)
- nidsbench announcement Dug Song (May 13)
- Re: Infosec.19990305.macof.a Alan Cox (May 07)
- Adminisrivia Aleph One (May 10)
- [BIND-BUGS #18] Non-delegated master domains Ian Carr-de Avelon (May 10)
- Re: [BIND-BUGS #18] Non-delegated master domains Andrew Brown (May 11)
- Re: [BIND-BUGS #18] Non-delegated master domains Dan Busarow (May 11)
- ICQ Password Revealer Dmitri Alperovitch (May 10)
- Re: Adminisrivia Brian Fisk (May 10)
- Bookmarks security vulnerabilities in both Internet Explorer 5.0 Georgi Guninski (May 09)