Sorry, I failed to mention I've tested this on 2.1.11 and 2.3.3 and it happens on both.

On Wed, 2008-05-14 at 11:58 -0400, Mark Tomich wrote:
>
> My root filesystem is unionfs which combines a mounted squashfs
> image with an initially empty, read-write tmpfs. In this setup, an
> unprivileged user is permitted to modify (for instance) /etc/passwd
> (uid=0, gid=0, mode=644), this modified file is saved in the
> read-write branch, and then the user is not permitted to modify the
> file further (i.e. additional attempts by the unprivileged user to
> modify the file would result in the proper response of "permission
> denied"). If a user were to use this to edit /etc/sudoers, he could
> easily exploit this bug to grant himself unlimited system access.
>
> I'm guessing I'm not the only one out there who has a setup rather
> like this, so I'm hoping somebody else out there could help me verify
> this bug.
>
> Thanks,
> Mark Tomich
_______________________________________________
unionfs mailing list: http://unionfs.filesystems.org/
unionfs@mail.fsl.cs.sunysb.edu
http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs