> -----Original Message----- > From: UM Linux User's Group [mailto:[EMAIL PROTECTED] On Behalf > Of J. Milgram > Sent: Friday, January 20, 2006 12:20 AM > To: [email protected] > Subject: Re: [UM-LINUX] setuid, iso9660 etc > > Actually I always do it via my fstab, typically with: > defaults,user,ro,noauto. But my experiments seemed to indicate that the > files still showed up as owned by root, with the s bit. However, I was > doing the experiment by just making the iso image and mounting via loop, > because I didn't want to waste too many cdrom blanks (I made an entry > for the iso file with the same options as /dev/cdrom, plus of course > loop). > > So I'll try it for real. The scenario is: bad guy on own machine, > becomes root, makes an iso image with a malicious executable that's suid > root. Burns image. Pops disc into a target machine and mounts /dev/cdrom > as ordinary user. But it then shouldn't be possible to run that > executable with root permissions... right?
It seems like this could be even more effective with a USB key formatted to ext3 or reiser or similar. Am I missing something? JSR/
