Because disk images can be replaced and created on the fly without
physical access to the hardware. The old adage is that if I have physical access to your machine, its
cracked.
if you however allow me to mount /tmp/my.iso /mnt/loop iso9660 loop,user 0 0
and then allow me to mount that, and I can replace my.iso, its enough to have software access to my.iso to be able to crack your machine, and do it quite well.
sorry, i'm not a unix-security expert, but i still can't completely understand this.
the problem is that i can create an iso file with some files which have suid root and can do anything they want?
but doesn't the nosuid flag prevent this?
please could you explain this in more detail? i'm very interested in this problem... i just can't believe that for example it's safe to mount a samba share but it's not safe to mount an iso file.
thanks, gabor
-- [EMAIL PROTECTED] mailing list
