https://bugzilla.novell.com/show_bug.cgi?id=295341
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=295341#c69
--- Comment #69 from Marcus Meissner 2008-05-27 14:50:26 MDT ---
Coolo: Sorry for not answering sooner, I am in a training.
Executive summary:
1. It is not clear why mount.fixed permissions are required at all, Kay nor
anyone else has not answered our several queries regarding this.
This question needs to be answered first, all others depend on that one.
Ability to mount fixed disks/partitions is definitely a critical security
risk.
2. There is apparently no code in FACTORY exercising this for us to even look
at.
3. The helper binary itself is fine in a self contained way.
4. The use of "exe" name checking does not help, if the user has control over
this executable via LD_PRELOAD, PTRACE or other means. He can just inject any
code into this binary. Davids comment regarding "secure" binary likely means
that the user binary itself needs setgid/setuid permissions.
"exe" path name checking is not a security feature in any way and should not be
handled as such, as the source code even says.
This is our integral concern regarding this.
5. We will NOT add setuid permissions to any random binary just because it is
"fine by itself".
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.