Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-21 Thread Henrique de Moraes Holschuh
On Fri, 20 Jan 2006, Bernhard R. Link wrote: * Peter Palfrader [EMAIL PROTECTED] [060120 13:31]: user implies noexec, nosuid, and nodev unless overridden by subsequent options according to the mount(8) manpage. Please always keep in mind that this only reduces the chance, but still keeps

Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-20 Thread Peter Palfrader
On Fri, 20 Jan 2006, Wouter Verhelst wrote: /tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0 Doesn't this introduce a local root exploit? A user can easily write their own /tmp/app/1/image file which contains, say, a setuid root bash executable. Yes,

Re: Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-20 Thread Kurt Pfeifle
Wouter Verhelst wrote on debian-devel@lists.debian.org: [Re-adding Cc to Kurt, as he's mentioned he isn't subscribed] On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote: Kurt Pfeifle wrote: The klik client installation needs root privileges once, to add 7 lines like this

Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-20 Thread Bernhard R. Link
* Peter Palfrader [EMAIL PROTECTED] [060120 13:31]: user implies noexec, nosuid, and nodev unless overridden by subsequent options according to the mount(8) manpage. Please always keep in mind that this only reduces the chance, but still keeps the possibility for holes open. (Like noexec could

statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Kurt Pfeifle
[EMAIL PROTECTED] There seems to be a fairly good amount of Debian Sarge packages available via http://klik.atekon.de/. You know, I almost didn't bother to visit the web site, since you're unwilling to even sign your name to your message, and you didn't say anything about what klik is or

Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Wouter Verhelst
On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote: And third, klik doesn't really install. It brings exactly 1 additional file (the *.cmg) onto the system. It works with user only privileges. Hang on. You loop-mount with user-only privileges? How?

Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Kurt Pfeifle
On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote: And third, klik doesn't really install. It brings exactly 1 additional file (the *.cmg) onto the system. It works with user only privileges. Hang on. You loop-mount with user-only privileges? How? The klik client installation

Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Cameron Patrick
Kurt Pfeifle wrote: On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote: And third, klik doesn't really install. It brings exactly 1 additional file (the *.cmg) onto the system. It works with user only privileges. Hang on. You loop-mount with user-only privileges? How? The

Re: Re: statement from one of the klik project members [was: The klik project and Debian]

2006-01-19 Thread Wouter Verhelst
[Re-adding Cc to Kurt, as he's mentioned he isn't subscribed] On Fri, Jan 20, 2006 at 01:20:26PM +0800, Cameron Patrick wrote: Kurt Pfeifle wrote: On Thu, Jan 19, 2006 at 08:34:59PM +, Kurt Pfeifle wrote: And third, klik doesn't really install. It brings exactly 1 additional