Date: Wed, 11 Jul 2012 12:29:52 -0700 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Cc: Kurt Seifried <kseifried@...hat.com>, Dustin Kirkland <dustin.kirkland@...zang.com>, Marcus Meissner <meissner@...e.de>, Dan Rosenberg <dan.j.rosenberg@...il.com> Subject: Re: Re: ecryptfs headsup On 2012-07-11 10:48:48, Kurt Seifried wrote: > So it sounds like a non privileged user on an Ubuntu machine can > insert a USB stick/etc with a file system that gets automatically > mounted, said file system can contain setuid root binaries for example > which the user can then execute, elevating privileges? Correct, but it isn't limited to Ubuntu. I believe that other distros ship /sbin/mount.ecryptfs_private as setuid-root, too. Tyler Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.