
Re: Bug#27050 (fdutils): A cause for security concern?



>>>>> "AF" == Anthony Fok <foka@ualberta.ca> writes:

    AF>     if (geteuid()!=0) die("Must run with EUID=root");

    AF> I am a little bit tempted to comment that line out, but it's
    AF> probably there for a reason, and I am definitely not qualified
    AF> to hack fdmount.c, so for now I should probably add a
    AF> /usr/sbin/fdutilsconfig as Thomas has suggested.

  This sort of thing should be shot on sight. It will need to be
removed one way or another when we move to a capability-based
system. The downside is that the reason things like this exist is the
complete lack of any error handling in the rest of the code.

  If you need something to do, dike it out. If it's run as root, it
will work as expected. If not, then it can't do any real damage,
right? ;)

m.
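
Added example, not part of the original message and not fdutils code: a sketch of the per-call error handling the reply says is missing, where the failing call reports why it was refused instead of a `geteuid()` gate deciding up front. The names `open_device`, `explain` and `struct step_result`, and the default path `/dev/fd0`, are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcome of one privileged step (hypothetical type for this example). */
struct step_result {
    int fd;   /* open descriptor, or -1 on failure */
    int err;  /* errno captured at the failing call, 0 on success */
};

/*
 * Open a device node and report failure from the call itself.
 * No geteuid() gate: the kernel decides (uid, file mode or capabilities)
 * and errno says why it refused.
 */
static struct step_result open_device(const char *path)
{
    struct step_result r = { -1, 0 };
    r.fd = open(path, O_RDONLY | O_NONBLOCK);
    if (r.fd < 0)
        r.err = errno;   /* save before any other call can overwrite it */
    return r;
}

/* Map the saved errno to a message the user can act on. */
static const char *explain(int err)
{
    switch (err) {
    case 0:      return "ok";
    case EACCES:
    case EPERM:  return "permission denied for this device";
    case ENOENT: return "no such device node";
    default:     return strerror(err);
    }
}

int main(int argc, char **argv)
{
    /* Default path is an assumption; pass another one as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "/dev/fd0";
    struct step_result r = open_device(path);
    if (r.fd < 0) {
        fprintf(stderr, "%s: %s\n", path, explain(r.err));
        return 1;
    }
    close(r.fd);
    return 0;
}
```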

