[PATCH] Install customization packages left for us by a USB key.

Michael Stone michael at laptop.org
Fri Mar 7 12:00:09 EST 2008


On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote:
> Classic privilege-escalation attack.  

/, /home, and /home/olpc are only writable by uids 0 and 500. Both uids
0 and 500 have direct access to uid 0. Therefore, if Mallory can affect
what files are pointed to by $PKGDIR, then she already had access to uid
0. Is there a more subtle privilege escalation attack that I missed? In
particular, one that was not already present 'a fortiori'? Are you
instead primarily concerned that too much software is running under uids
0 and 500?

> Why is this being proposed, Michael?

I believe that, when used judiciously, it adds valuable flexibility to
the customization process that our deployment teams, the individuals who
wind up maintaining the laptops on-site over the course of their
lifetimes, and our developers will appreciate.

I'll leave it to you to articulate your view of the potential hazards
that my 'judicious use' qualification carefully masks.

Michael
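
The following is an added example, not part of the original message or of any OLPC code. It shows one way to test the premise argued above: that every directory on the way to $PKGDIR is writable only by uids 0 and 500. The function name `audit_path`, its `start` parameter, and the conservative policy of flagging any group-writable or symlinked component are assumptions made for this illustration.

```python
import os
import stat

# The two uids the message treats as equivalent to root.
TRUSTED_UIDS = frozenset({0, 500})


def audit_path(path, trusted_uids=TRUSTED_UIDS, start="/"):
    """Return (component, reason) findings for each component from start to path.

    An empty list means only trusted uids can change what `path` points to.
    """
    start = os.path.abspath(start)
    path = os.path.abspath(path)
    if os.path.commonpath([start, path]) != start:
        raise ValueError(f"{path} is not under {start}")
    rel = os.path.relpath(path, start)
    parts = [] if rel == "." else rel.split(os.sep)
    findings = []
    current = start
    for part in [None] + parts:
        if part is not None:
            current = os.path.join(current, part)
        st = os.lstat(current)  # lstat: inspect the entry itself, not its target
        if stat.S_ISLNK(st.st_mode):
            # Report and stop rather than follow: the target lies outside
            # the chain being audited.
            findings.append((current, "symlink in chain"))
            break
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        # Conservative: any group or other write bit counts as untrusted,
        # even if the group happens to contain only trusted users.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "group- or world-writable"))
    return findings


if __name__ == "__main__":
    # $PKGDIR is the variable named in the thread; "/" is only a fallback.
    for component, reason in audit_path(os.environ.get("PKGDIR", "/")):
        print(f"{component}: {reason}")
```

An empty result supports the 'a fortiori' argument for that path; any finding names a component through which a different uid could redirect $PKGDIR.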


