On Tuesday 22 of December 2009, Phil Vandry wrote:
> On Tue, 22 Dec 2009 16:04:24 +0200, Harhalakis Stefanos wrote:
> > > $ ls -ld /
> > > drwxrwxrwt 7 root root 160 2009-12-18 21:40 .
> >
> > This does not seem easy to exploit because of the sticky bit. No?
> 
> You're right. The problem is less serious because of the sticky bit.
> 
> One way that you could still exploit it though would be to create
> trojan directories in the tmpfs branch directly, like /fsprotect/tmp/usr .

I tried that already and it seems that aufs doesn't see the new directory at 
once. For example, I created /fsprotect/tmp/sbin/getty in order to get init 
to execute my own "getty", but /sbin/getty was still the getty from the 
original filesystem.

> Thanks for creating this tool, by the way. I'm glad someone spent the
> time to figure out the gymnastics of bind-mounting and moving directories
> around to get it working correctly and cleanly inside the initramfs.

You're welcome!



