26 Feb 2005 dtucker   » (Master)

edp:
Why can't a non-root user do this?
$ dd if=/dev/zero of=img bs=1024k count=1
$ mke2fs -F img
$ mkdir mnt
$ mount -t ext2 -o loop img mnt

Remember, the file is completely under the control of the user. If that was allowed, the user could create a root-owned binary inside the image (eg a copy of /bin/sh) and flip the setuid bit on it, mount the filesystem and run the now-setuid binary. Or create a device node for /dev/kmem and go rifling through kernel memory. Or create a device node for the root filesystem then edit /etc/passwd via the raw device. And probably other things I've overlooked.

In unrelated news, one of the reported bugs OpenSSH bugs turned out to be an OpenSSL bug. It took the OpenSSL folks about 15 minutes to accept the bug and apply my patch. I love it when it works like that.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!