mailing list archives
Possible problem of AIX mount
From: b811043 () MATH NTU EDU TW (Weizen)
Date: Tue, 22 Apr 1997 09:32:41 +0800
I have access to a group of AIX 4.systems ,which has suid root mount.
IF you try to mount a NFS file system,it will tell you "Only root or
member of system group can NFS mount/umount".In the AIX I can
access,nuucp is a member of system group(maybe by default).i.e nuucp can
mount /umount an NFS contain suid root shell and then become root!
Since nuucp's is not 0,in some case,it is easier to get nuucp access
then to get a root access.
In the group of AIX computers I can use,if I cracked root on one of NFS client
, I can easily execute program on NFS server remotely with euid nuucp
to create a .forward for nuucp on NFS server,and then do
a NFS mount,then become superuser of NFS server.
It is not a big problem,but still not a good idea to allow to many
account have power to NFS mount.
- Possible problem of AIX mount Weizen (Apr 22)