Yet another Linux on the desktop article
Monty J. Harder
lists at kc.rr.com
Wed Aug 11 23:58:10 CDT 2004
"Uncle Jim" <jim at jimani.com> wrote:
> I realize that physical access to the hardware means all bets are off but
automount
> is equivalent to root with no password.
Only if it's automount that blindly assumes that the ownership and
permissions on the foreign filesystem are authentic.
If I make a setuid root bash and put it in a tarball, then try untarring
it on your machine, tar simply changes the owner of the file to be that of
the logged-in user. It ought to be possible to do automount that does
similar, or perhaps refuses to recognize executable bit on non-directories.
More information about the Kclug
mailing list