Message-ID: <20110304025613.GA22405@altlinux.org>
Date: Fri, 4 Mar 2011 05:56:13 +0300
From: "Dmitry V. Levin" <ldv@...linux.org>
To: oss-security@...ts.openwall.com
Subject: Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
On Thu, Mar 03, 2011 at 09:42:17PM -0500, Dan Rosenberg wrote:
[...]
> I discovered that essentially every suid mount helper that uses
> addmntent() (or invokes util-linux mount, which in turn calls
> addmntent()) to add entries to /etc/mtab fails to anticipate a low
> value for RLIMIT_FSIZE, allowing unprivileged users to corrupt
> /etc/mtab and possibly manipulate mountpoint options. Affected
> software includes at least:
[...]
> There are a few possible options
One more option is to replace the /etc/mtab regular file with a symlink to
/proc/mounts, thus making any /etc/mtab editing unneeded.
--
ldv
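
An added example, not part of the original message and not code from any mount helper: one way a setuid helper could check both conditions raised in this thread before calling addmntent(), namely whether /etc/mtab is already a symlink into /proc and whether the inherited RLIMIT_FSIZE is finite. The names mtab_precheck and MTAB_*, and the list of accepted symlink targets, are assumptions.

```c
#define _DEFAULT_SOURCE 1
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names; not taken from any mount helper. */
enum mtab_action { MTAB_SKIP, MTAB_WRITE, MTAB_REFUSE };

/* Decide what a setuid helper should do before addmntent() on `path`. */
enum mtab_action mtab_precheck(const char *path)
{
    static const char *const proc_targets[] = {   /* assumed accepted targets */
        "/proc/mounts", "/proc/self/mounts",
        "../proc/mounts", "../proc/self/mounts",
    };
    char target[PATH_MAX];
    struct stat st;
    struct rlimit rl;

    if (lstat(path, &st) != 0)
        return MTAB_REFUSE;
    if (S_ISLNK(st.st_mode)) {
        ssize_t n = readlink(path, target, sizeof(target) - 1);
        if (n < 0)
            return MTAB_REFUSE;
        target[n] = '\0';
        /* Kernel-maintained table: there is nothing to edit. */
        for (size_t i = 0; i < sizeof(proc_targets) / sizeof(*proc_targets); i++)
            if (strcmp(target, proc_targets[i]) == 0)
                return MTAB_SKIP;
        return MTAB_REFUSE;          /* symlink to somewhere unexpected */
    }
    if (!S_ISREG(st.st_mode))
        return MTAB_REFUSE;
    /* RLIMIT_FSIZE is inherited from the invoking user; a finite soft
     * limit can cut the write short and leave a partial entry. */
    if (getrlimit(RLIMIT_FSIZE, &rl) != 0 || rl.rlim_cur != RLIM_INFINITY)
        return MTAB_REFUSE;
    return MTAB_WRITE;
}

int main(void)
{
    static const char *const names[] = { "skip", "write", "refuse" };
    printf("/etc/mtab: %s\n", names[mtab_precheck("/etc/mtab")]);
    return 0;
}
```
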