Date: Wed, 23 Oct 91 15:48:56 EDT From: "John R Ruckstuhl Jr" Message-Id: <9110231948.AA04537@alpha.ee.ufl.edu> To: sun-managers@eecs.nwu.edu Subject: automounter security I see in an article posted to alt.sys.sun From: scheller@asdi.saic.com (Mark Scheller x6519) Subject: Automount questions Message-ID: <3971674@MVB.SAIC.COM> Date: 22 Oct 91 14:51:21 GMT Mark's colleague George has used the auto.master entry suggested by Sun's documentation #Mount-point Map Mount-options /net -hosts Since I think this may be dangerously common, I call your attention to it. If one sets up the automounter configuration as suggested in System & Network Administration, (I'm reading the manual that accompanied our SunOS 4.1 shipment, Part Number 800-3805-10 Revision A of 27 March, 1990), On pg 443 and pg 457 (and something similar on 458) A typical auto.master file would contain... #Mount-point Map Mount-options /net -hosts Wouldn't suid programs be available to any user from any cooperative remote location who was listed in the NIS map hosts.byname? It seems dangerous to not use the "nosuid" mount option for the -hosts map. But Sun makes no admonishment, and gives dangerous examples (if I understand the situation correctly). An example: Suppose "apple" runs automounter with such a mapping, and I am a guest user on apple. Further, apple has "orange" in her hosts database. If I have root access on "orange", I can create a root-suid program on orange, exportfs so that I can get to it from my guest account on apple. CERT knows about this. Use "nosuid", as in /net -hosts nosuid You might or might not have to reboot (not just restart the automounter) to effect the change. I don't know. Regards, ruck.