Bugtraq mailing list archives

(no subject)


From: Bruno.Treguier () SHOM FR (Bruno Treguier)
Date: Mon, 11 Oct 1999 18:09:36 +0200


Hello,

On May 10, Jonas Stahre <yes () allevil campus luth se> sent a message about a
problem he encountered on Solaris 7 with rmmount not disabling set-uid programs
on external devices like CD-ROMs or floppies, in spite of what is written in
the man page.
(Message-id: <Pine.BSF.4.05.9905100836580.94142-100000 () allevil campus luth se>)

I did not pay much attention at that time (sorry Jonas :) ), but we just ran
into that problem a few days ago, as we are disseminating Solaris 7 here on
our client workstations.

The obvious consequence is that any user having physical access to the
workstation and having an account on it is able, by a simple "volcheck",
to gain root access if vold is running.

We called Sun today, and obviously they don't give a damn. They refuse to
consider this as a bug, as long as it is possible to correct the problem via
the rmmount.conf file (which is true).

However, I don't understand Sun's point of view. This is obviously a security
issue in rmmount's behaviour, which is NOT the same in previous versions of
Solaris. Moreover, the man page still reflects what this behaviour should be.

Any ideas about what can be done to make them change their mind about the
severity of this "feature"? :) Or am I really paranoid?

Regards,

Bruno


--
--   Service Hydrographique et Oceanographique de la Marine --- Service INF
--      13, rue du Chatellier ---  BP 426  --- 29275 Brest Cedex, FRANCE
--       Phone: +33 2 98 22 17 49  ---  Email: Bruno.Treguier () shom fr
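
The post notes that the problem can be corrected via rmmount.conf. As an added
example (not from the original post, and not Sun's code), the POSIX shell script
below audits a host for both halves of the issue: whether rmmount.conf carries an
active "mount ... -o nosuid" directive, and whether any removable volume that is
already mounted lacks nosuid (editing rmmount.conf only affects future mounts).
The assumptions are: the rmmount.conf directive syntax "mount <device> [fstype ...]
-o <options>", the /etc/mnttab layout "special mountpoint fstype options time",
and /cdrom/ and /floppy/ as the vold mount-point prefixes; the sample files it
runs on are constructed here.

```shell
#!/bin/sh
# Added example: audit Solaris rmmount.conf and mnttab for missing nosuid on
# removable media. Assumed formats (verify against your release's man pages):
#   rmmount.conf : mount <device> [fstype ...] -o <opt1,opt2,...>
#   mnttab       : <special> <mount_point> <fstype> <options> <time>

# Returns 0 if the rmmount.conf has an uncommented "mount" directive whose
# -o option list contains nosuid, 1 otherwise.
rmmount_conf_has_nosuid() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -v '^[[:space:]]*#' "$conf" | awk '
        $1 == "mount" {
            for (i = 2; i <= NF; i++)
                if ($i == "-o" && i < NF) {
                    n = split($(i + 1), opts, ",")
                    for (j = 1; j <= n; j++)
                        if (opts[j] == "nosuid") found = 1
                }
        }
        END { if (found) exit 0; exit 1 }'
}

# Prints the mount point of every /cdrom/* or /floppy/* entry in the given
# mnttab whose option list lacks nosuid. Returns 0 if none, 1 if any.
removable_mounts_without_nosuid() {
    mnttab="$1"
    [ -r "$mnttab" ] || return 1
    awk '
        $2 ~ "^/(cdrom|floppy)/" {
            n = split($4, opts, ",")
            ok = 0
            for (j = 1; j <= n; j++)
                if (opts[j] == "nosuid") ok = 1
            if (!ok) { print $2; bad = 1 }
        }
        END { if (bad) exit 1; exit 0 }' "$mnttab"
}

# Runs both checks and reports; returns non-zero if anything needs attention.
audit_removable_media() {
    conf="$1"; mnttab="$2"; status=0
    if rmmount_conf_has_nosuid "$conf"; then
        echo "OK:   $conf mounts removable media with nosuid"
    else
        echo "WARN: $conf has no active 'mount ... -o nosuid' directive"
        status=1
    fi
    bad=$(removable_mounts_without_nosuid "$mnttab" || true)
    if [ -n "$bad" ]; then
        echo "WARN: removable volumes currently mounted without nosuid:"
        echo "$bad"
        status=1
    fi
    return $status
}

# --- Constructed sample input (stands in for /etc/rmmount.conf and /etc/mnttab) ---
T="${TMPDIR:-/tmp}/rmmount_audit.$$"
mkdir -p "$T"
trap 'rm -rf "$T"' EXIT

# Weak config: the only mount directive is commented out.
cat > "$T/rmmount.conf.weak" <<'EOF'
# constructed sample rmmount.conf, nosuid not enforced
# mount * hsfs ufs -o nosuid
EOF

# Fixed config: removable hsfs/ufs/pcfs volumes are mounted nosuid.
cat > "$T/rmmount.conf.fixed" <<'EOF'
# constructed sample rmmount.conf, nosuid enforced
mount * hsfs ufs pcfs -o nosuid
EOF

# Constructed mnttab: floppy already nosuid, CD-ROM mounted before the fix.
cat > "$T/mnttab" <<'EOF'
/dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles,suid,dev=800000 939600000
/vol/dev/diskette0/unnamed_floppy /floppy/unnamed_floppy pcfs rw,nosuid,dev=16c0001 939600001
/vol/dev/dsk/c0t6d0/cdrom0 /cdrom/cdrom0 hsfs ro,dev=1740002 939600002
EOF

echo "== weak config =="
audit_removable_media "$T/rmmount.conf.weak" "$T/mnttab" || echo "(findings above)"
echo "== fixed config =="
audit_removable_media "$T/rmmount.conf.fixed" "$T/mnttab" || echo "(eject and re-insert media so the new options apply)"
```

On a real host, call audit_removable_media /etc/rmmount.conf /etc/mnttab; the
second check matters because a volume mounted before rmmount.conf was edited keeps
its old options until it is unmounted and mounted again.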