On Thu, Jan 19, 2006 at 05:11:33PM +0200, Efraim Yawitz wrote: > Hi, > > I was just wondering what could be done against the following > seemingly huge security hole in Linux (or any Unix-type system). > > The system call mknod can only be used by root to make special > device files, but once those files exist they can be copied by
How exactly? I don't think so. > anyone. What is to stop me from becoming root on my own machine and > creating a whole set of /dev files which are world-readable and > writable, putting them in a tar archive and then untarring that on > another machine where I would now have raw access to all the Did you try that? Doesn't work for me. > devices. It seems like the only safeguard against such a thing > would be to prevent users from bringing any files into the system, > but this is ridiculous if Internet access is to be allowed. > > Any reactions? Am I making some obvious mistake? Just one more note - it's recommended, on multiuser machines, to mount any user-writable filesystems with '-o nodev' (among other things). This usually means having /var,/tmp,/home maybe others as independent filesystems. -- Didi ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
