Slashes in filenames?
Root Boy Jim
rbj at uunet.UU.NET
Wed Feb 20 10:48:12 AEST 1991
In article <15236 at smoke.brl.mil> gwyn at smoke.brl.mil (Doug Gwyn) writes:
?In article <thurlow.666756073 at convex.convex.com> thurlow at convex.com (Robert Thurlow) writes:
?>... other things like the server permitting mknod()s by non-root
?>users are still being found.
?
?Oooh, this is bad news indeed. If exploited, it basically completely
?circumvents all UNIX security features.
Well, Doug, let me say it for/with you: NFS is a crock.
Remember when "NFS didn't do devices"? Now it does. The wrong way.
If I have a di?kless workstation (and friends, in spite of all
my previous howling, I do), guess where my devices are? On the
SERVER's disk! So my requests for devices on IT's disk refer to MY
machine! Are we having fun yet?
The mknod bug has been fixed. However, if you can get a user
account on someone's machine and get them to mount your disk...
Guy Harris wants "nosuid" to also mean "nodev" as well.
--
[rbj at uunet 1] stty sane
unknown mode: sane
More information about the Comp.unix.wizards
mailing list