Wouter Verhelst wrote on debian-devel@lists.debian.org:
> [Re-adding Cc to Kurt, as he's mentioned he isn't subscribed]
>
> On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote:
> > Kurt Pfeifle wrote:
> > > The klik client installation needs root privileges once, to add 7 lines
> > > like this one to /etc/fstab:
> > >
> > > /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0
> > > 0
> >
> > Doesn't this introduce a local root exploit? A user can easily write
> > their own /tmp/app/1/image file which contains, say, a setuid root bash
> > executable.
>
> Yes, that's exactly what I was afraid of, myself.
Please try "man mount". If your manpage is similar to mine, it will
contain something like:
---------------------------- snip ----------------------------------
OPTIONS
user Allow an ordinary user to mount the file system. The name
of the mounting user is written to mtab so that he can un-
mount the file system again. This option implies the op-
tions noexec, nosuid, and nodev (unless overridden by sub-
sequent options, as in the option line user,exec,dev,suid).
---------------------------- snap ----------------------------------
Note the part mentioning "nosuid" - and compare it to the fstab line
used by klik. :-)
Cheers,
Kurt [not subscribed]
