Yet another Linux on the desktop article
rcedelman at comcast.net
rcedelman at comcast.net
Mon Aug 2 15:20:56 CDT 2004
Sorry for the top-posting, but oh well.
The "nosuid" mount option is nice, but it's not a default. You can mount "noexec" too for that
matter. But again, with physical access to the machine, what is to top someone from rebooting and
passing say "init=/bin/ash" as a kernel parameter? BOOM! Instant root. Granted, no GUI, but it's
all there, and it's all free for the taking.
> Uncle Jim wrote:
>
> >to take the time to reboot the machine. If I have a floppy with a copy of bash
> that
> >is owned by root with permissions of 4755 and I come to your machine all I have
> to do
> >
>
> What about this new-fangled "nosuid" mount option I keep hearing about.
> I mean, surely no one has thought about the security ricks of allowing
> users to mount media before........
>
>
More information about the Kclug
mailing list