On 02.11.2011 15:47, Alexander Kurtz wrote:
> tags 625606 security
> thanks
>
> Hi,
>
> this bug introduces a new security hole, consider the following example:
>
> # cat /etc/fstab
> [...]
> /home /mnt none bind 0 0
> /home /mnt none bind,remount,ro 0 0
> # mount -v -a
> [...]
> /home on /mnt type none (rw,bind)
> /home on /mnt type none (ro,bind)
> # mount | grep /mnt
> /home on /mnt type none (ro,bind)
> # pm-powersave true
> # mount | grep /mnt
> /home on /mnt type none (rw,bind,commit=600)
>
> Notice how calling pm-powersave changes the mount options from read-only
> to read-write. Since I'm actually using something like this on a server
> to deliver read-only backups, this bug is quite serious for me. The
> actual problem here is that "/usr/lib/pm-utils/power.d/journal-commit"
> calls "mount -o remount,commit=600 /mnt" in line 27 which overwrites the
> previous mount options:

Isn't that rather a bug in mount, if it changes ro to rw?
It's not like pm-utils uses mount -o remount,rw.

>
> Since that bug now "makes unrelated software on the system break" AND
> "introduces a security hole on systems where you install the package"
> can we please raise the severity back to "critical" again?

I don't think that is justified.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
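
Added example, not part of either message and not pm-utils or mount code: a small Python check for the drift shown in the quoted listing, comparing the read-only intent in fstab with the options `mount` reports. The sample text is constructed from that listing, the function names are hypothetical, and it assumes the last fstab entry for a mount point states the intended mode.

```python
import re

# Sample input constructed from the listing quoted in the report.
FSTAB = """\
/home /mnt none bind 0 0
/home /mnt none bind,remount,ro 0 0
"""
MOUNT_BEFORE = "/home on /mnt type none (ro,bind)\n"
MOUNT_AFTER = "/home on /mnt type none (rw,bind,commit=600)\n"

MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")


def expected_readonly(fstab_text):
    """Mount points whose last fstab entry carries the 'ro' option."""
    intent = {}
    for raw in fstab_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or malformed entry
        # Assumption: entries are applied in order, so the last one wins.
        intent[fields[1]] = "ro" in fields[3].split(",")
    return {mp for mp, ro in intent.items() if ro}


def live_options(mount_text):
    """Map each mount point to the option set `mount` prints for it."""
    live = {}
    for raw in mount_text.splitlines():
        m = MOUNT_LINE.match(raw.strip())
        if m:
            live[m.group(2)] = set(m.group(4).split(","))
    return live


def readonly_drift(fstab_text, mount_text):
    """Mount points fstab wants read-only that are mounted without 'ro'."""
    live = live_options(mount_text)
    return sorted(mp for mp in expected_readonly(fstab_text)
                  if mp in live and "ro" not in live[mp])


if __name__ == "__main__":
    for label, text in (("before", MOUNT_BEFORE), ("after", MOUNT_AFTER)):
        print(label, "pm-powersave:", readonly_drift(FSTAB, text) or "ok")
```

Run against real `/etc/fstab` contents and `mount` output after any power-management hook has fired, a non-empty result names the mount points that lost their read-only flag.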