How secure is HAL?
Manuel Reimer
Manuel.Spam at nurfuerspam.de
Fri Dec 21 05:51:52 PST 2007
Hello,
is a user or a program running with an unprivileged account able to get
root access by plugging in an USB memory device with an executable file
on it, which is owned by root and has the suid-bit set?
Who exactly sets the mount options for HAL? Is an unprivileged binary
(like KDE) able to define which mount options are set?
How does HAL prevent from suid-root binaries? It doesn't seem like the
"nosuid" mount option is used. Seems like HAL uses the "uid" option to
"give all the files to the mounting user". Is this right?
At which place is this "uid" option generated and who sets the value for it?
Thanks in advance
CU
Manuel
More information about the hal
mailing list