Re: SECURITY PROBLEM: autofs [all versions]

To: "Christopher W. Curtis" <ccurtis@aet-usa.com>
Cc: Debian Devel List <debian-devel@lists.debian.org>
Subject: Re: SECURITY PROBLEM: autofs [all versions]
From: Will Lowe <harpo@udlug.org>
Date: Fri, 30 Jun 2000 21:02:25 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.3.96.1000630205848.25282A-100000@earth.review.udel.edu>
In-reply-to: <[🔎] 395D40C7.576B8AC8@aet-usa.com>

> "nosuid,nodev" and as such anyone with a floppy disk and physical access
> to a floppy drive may become root on that machine.

Give a local user physical access to the floppy drive, and he'll just
reboot the machine with a rescue floppy in the floppy drive if he wants
root. Same with the CD drive, or zip disks. 

I'm not sure this is release-critical, but I'll defer to the release
manager to figure it out. 

         						Will

--------------------------------------------------------------------------
|   harpo@udel.edu lowe@cis.udel.edu lowe@debian.org lowe@asel.udel.edu  |
|			http://www.cis.udel.edu/~lowe/		         |
|    PGP Public Key:  http://www.cis.udel.edu/~lowe/index.html#pgpkey    |
--------------------------------------------------------------------------

Reply to:

References:
- SECURITY PROBLEM: autofs [all versions]
  - From: "Christopher W. Curtis" <ccurtis@aet-usa.com>

Prev by Date: Re: ITPers should have Sponsors
Next by Date: Re: Debian Critical Mass
Previous by thread: Re: SECURITY PROBLEM: autofs [all versions]
Next by thread: Re: SECURITY PROBLEM: autofs [all versions]
Index(es):
- Date
- Thread