[EMAIL PROTECTED] writes: > The setuid privileges demand w-rights ?
No, these are independent. Many OSs in fact do not check permissions for privileged users at all, you can read files even after chmod 0. > I mean, that is an interesting sneak, but isn't it rather > related to mount -o user,exec,suid ? Yes, but these options are default. > Device nodes ... uh oh ... do you mean this : > a mknod, a chmod with lax permissions, burned to CD, > CD mounted, cat /dev/zero > /cdrom/my_dev_hda_backdoor Exactly. It's not a sure way into the system, but something that has to be taken into account given automount, submount, HAL, whatever. > w-permission to setuid-cdrecord should be restricted to > root, of course. ? > Since years, i trust Joerg's ability to defend that setuid > situation. I don't. There have been problems in the past, and I haven't audited the code. -- Matthias Andree -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
