On Thu, Jan 19, 2006 at 07:04:20PM +0200, Efraim Yawitz wrote: > > > On Thu, 19 Jan 2006, Tzafrir Cohen wrote: > > > > >You don't need to be root to create a tar file with device files in it. > >This is merely writing a tar file. > > > >You do need to be root (or otherwise priviliged) to mknod. Generating > >the device files as extracted from the tarball is the priviliged > >operation. > > Right, this is the part I didn't try, and obviously tar has to call mknod > to write the files, and the same with cp. > > How about the following, though? (This is what I thought of originally, > actually.) I could make a ext2fs on a loop-mounted file and create the > devices there with world read/writeability, and then burn this filesystem > onto a CD with cdrecord. If a system allows user-mounting of CD's, then I > have those device files available. What's the catch?
You could also create in that tarball or filesystem a setuid-root binary. And again, the actual priviliges escalation is done if root mounts the filesystem or extracts the tarball. So if you let a users mount their own file system (e.g: cdrom) then you should use nodev and nosuid. (noexec is normally not of much use against any shell user). And in fact, the mount options 'user', 'users' and 'group' imply nodev and nosuid . See mount(8). -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il | | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849755 | | friend ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
