mount
From: undef (ls@blackout.ru) Date: 12/27/01
Date: Thu, 27 Dec 2001 17:21:11 +0000
From: undef <ls@blackout.ru>
To: vuln-dev@securityfocus.com
Hello list.
Sorry if this is off-topic.
I tested all this on FreeBSD and Linux boxes.
%uname -a
FreeBSD xxx.xxx 4.4-RELEASE FreeBSD 4.4-RELEASE #1: Mon Dec 17 20:22:26 GMT 2001
%uname -a
Linux xxx.xxx 2.4.5 #6 Fri Jun 22 01:38:20 PDT 2001 i586 unknown
I found that one could mount any device to some mount point which already has something
mounted to it. It is possible to mount some device (physical or virtual through vinum or NFS) to /.
When two devices are mounted to one mount point you could see the contents of the last mounted device.
When you umount that last device you will see the contents of the first mounted device.
I think in some cases it can help an intruder to replace system files, or hide data, or something else.
Yes, I know, the mount command can only be used by root. But anyway.
-- undef
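
Added example, not part of the original post: a check an administrator could run to find mount points that have more than one filesystem stacked on them, as the message describes. It assumes Linux and the /proc/self/mountinfo format (it does not cover the FreeBSD case); the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in Linux /proc/self/mountinfo format (not from the post).
SAMPLE = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid - proc proc rw
30 22 8:17 / /usr/local rw,relatime - ext4 /dev/sdb1 rw
41 30 0:45 / /usr/local rw,relatime - nfs4 198.51.100.7:/export rw
42 22 8:33 / /mnt/my\\040disk rw,relatime - ext4 /dev/sdc1 rw
"""

def unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Map mount ID -> record for each well-formed mountinfo line."""
    mounts = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or "-" not in f[6:-2]:
            continue
        sep = f.index("-", 6)  # optional fields end at the "-" separator
        mounts[int(f[0])] = {"id": int(f[0]), "parent": int(f[1]),
                             "point": unescape(f[4]), "fstype": f[sep + 1],
                             "source": unescape(f[sep + 2])}
    return mounts

def stacked_mounts(mounts):
    """Return {mount point: [(source, fstype), ...]} ordered bottom to top."""
    def covered(m):  # the mount that m sits directly on top of, if any
        lower = mounts.get(m["parent"])
        return lower if lower and lower["point"] == m["point"] else None
    on_top = {covered(m)["id"]: m for m in mounts.values() if covered(m)}
    stacks = {}
    for low_id in on_top:
        if covered(mounts[low_id]):
            continue  # start each chain at its bottom-most mount only
        chain = [mounts[low_id]]
        while chain[-1]["id"] in on_top:
            chain.append(on_top[chain[-1]["id"]])
        stacks[chain[0]["point"]] = [(c["source"], c["fstype"]) for c in chain]
    return stacks

if __name__ == "__main__":
    for point, chain in stacked_mounts(parse_mountinfo(SAMPLE)).items():
        print(point, "visible:", chain[-1], "hidden:", chain[:-1])
```

On a live Linux host, pass the contents of /proc/self/mountinfo to parse_mountinfo instead of SAMPLE; the last entry of each chain is the filesystem currently visible at that path.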