begin quote On Mon, 10 Nov 2003 17:32:36 -0800 [EMAIL PROTECTED] (Andrew Farmer) wrote:
> > The 'user' flag to mount will clear the suid file on a mounted file > system. And it'd obviously be a Bad Idea to allow users to mount disks > as root! However, most systems have fstab entries for the floppy and > CD drives which use the user flag to mount. If physical disks are OK, > then what's wrong with disk images? Because disk images can be replaced and created on the fly without physical access to the hardware. The old adage is that if I have physical access to your machine, its cracked. if you however allow me to mount /tmp/my.iso /mnt/loop iso9660 loop,user 0 0 and then allow me to mount that, and I can replace my.iso, its enough to have software access to my.iso to be able to crack your machine, and do it quite well. as for "user" disabling "suid" that isn't the case, you can have both "user" and "suid" on the same mountpoint. //Spider -- begin .signature This is a .signature virus! Please copy me into your .signature! See Microsoft KB Article Q265230 for more information. end
pgp00000.pgp
Description: PGP signature
