home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Freaks Macintosh Archive
/
Freaks Macintosh Archive.bin
/
Freaks Macintosh Archives
/
Hacking & Misc
/
bundle of exploits.sit
/
bundle of exploits
/
cdromvuln.txt
< prev
next >
Wrap
Text File
|
1998-07-17
|
579b
|
16 lines
This effects Slackware 3.0 and possibly other distributions, I haven't
checked others yet.
If you mount the CDROM, it is mounted SUID-enabled. This is bad as many
CDs include things such as the live filesystem on the Slackware CD. Thus,
all a cracker has to do is run /cdrom/live/usr/bin/splitvt or exploit some
other horrible old SUID-bug and root is obtained.
Fix this by changing the line in /etc/fstab which reads:
/dev/cdrom /cdrom iso9660 ro 1 1
to read:
/dev/cdrom /cdrom iso9660 nosuid ro 1 1
to fix, and then
umount /cdrom ; mount /cdrom
to activate