Date: Wed, 11 Jul 2012 12:29:52 -0700
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>,
	Dustin Kirkland <dustin.kirkland@...zang.com>,
	Marcus Meissner <meissner@...e.de>,
	Dan Rosenberg <dan.j.rosenberg@...il.com>
Subject: Re: Re: ecryptfs headsup

On 2012-07-11 10:48:48, Kurt Seifried wrote:
> So it sounds like a non-privileged user on an Ubuntu machine can
> insert a USB stick/etc with a file system that gets automatically
> mounted, said file system can contain setuid root binaries for example
> which the user can then execute, elevating privileges?

Correct, but it isn't limited to Ubuntu. I believe that other distros
ship /sbin/mount.ecryptfs_private as setuid-root, too.

Tyler
