On Thu, Oct 18, 2007 at 02:16:09AM +0100, Wayne Stallwood wrote:
> On Wed, 2007-10-17 at 22:01 +0100, Chris G wrote:
> > There are a few references to this if you do a Google search.
> > It turns out that the easy way to get it to work is to set the SUID bit on /sbin/mount.cifs and /sbin/umount.cifs; it now works for me.
>
> Does that not leave the system quite vulnerable?
> If you suid mount commands, couldn't I (as a user) now copy /etc to a cifs share someplace, change passwd and then mount it back over your /etc to gain root?
> Or am I missing something that would prevent that from working?

It does say (in some of the places where it suggests it) that one must have an environment where users are trusted. Since my environment is just me, all I need to protect against is my stupidity/fallibility.

In addition, the /etc/shadow file shouldn't be readable to anyone except root and so won't get copied if you copy /etc. I expect there may be other files in /etc that aren't world readable for the same reason.
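
An added example, not part of the original thread: a shell audit for the two points discussed above, namely which mount helpers carry the SUID bit and which files under /etc lack the world-read permission bit (and so would be left out of an unprivileged copy). The function names and the default directories are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# List mount/umount helpers directly inside DIR (default /sbin) that have
# the set-user-ID bit set, e.g. after "chmod u+s /sbin/mount.cifs".
suid_mount_helpers() {
    dir=${1:-/sbin}
    find "$dir" -maxdepth 1 -type f \
        \( -name 'mount*' -o -name 'umount*' \) \
        -perm -4000 2>/dev/null | sort
}

# List regular files under DIR (default /etc) whose mode lacks the
# world-read bit. This checks permission bits only; group membership
# or ACLs could still grant a particular user read access.
not_world_readable() {
    dir=${1:-/etc}
    find "$dir" -type f ! -perm -004 2>/dev/null | sort
}

# Stand-alone report for the local system.
echo "SUID mount helpers in /sbin:"
suid_mount_helpers /sbin
echo "Files under /etc without world-read permission:"
not_world_readable /etc
```

To return a helper to its non-SUID state, `chmod u-s` on the listed path clears the bit.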