On Thu, Jan 19, 2006 at 05:11:33PM +0200, Efraim Yawitz wrote: > Hi, > > I was just wondering what could be done against the following > seemingly huge security hole in Linux (or any Unix-type system). > > The system call mknod can only be used by root to make special > device files, but once those files exist they can be copied by > anyone. What is to stop me from becoming root on my own machine and > creating a whole set of /dev files which are world-readable and > writable, putting them in a tar archive and then untarring that on > another machine where I would now have raw access to all the > devices. It seems like the only safeguard against such a thing > would be to prevent users from bringing any files into the system, > but this is ridiculous if Internet access is to be allowed. > > Any reactions? Am I making some obvious mistake?
You don't need to be root to create a tar file with device files in it. This is merely writing a tar file. You do need to be root (or otherwise priviliged) to mknod. Generating the device files as extracted from the tarball is the priviliged operation. -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il | | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849755 | | friend ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
