rcombs, posted September 2, 2015

Currently, the boot flash drive is mounted world-writable during startup. This creates potential privilege escalation vulnerabilities, since a process running as an individual user could add lines to /boot/config/go, or overwrite the kernel image or initramfs. Could /boot be mounted with perms set to 0755 instead?

limetech, posted September 2, 2015

There are no individual users in unRAID.

rcombs (Author), posted September 21, 2015

> There are no individual users in unRAID.

Sorry? I'm confused. A number of plugins create a user for their services to run under, or run as `nobody`, either by using sudo or su in their startup scripts, or by calling setuid/setgid once started. A compromise to one of those services shouldn't allow an attacker to overwrite the entire boot drive.

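One way to check the condition raised in this thread, as an added example that is not code from any poster or from unRAID: it reads mount-table lines in `/proc/mounts` format and reports FAT mounts whose `fmask`/`dmask` leave files or directories world-writable (a mask of 0022 gives the 0755 asked for in the first post). The sample lines, device names and the function names `fat_modes` and `audit` are constructed for illustration; it assumes the kernel lists `fmask` and `dmask` for vfat mounts, as Linux does in `/proc/mounts`.

```python
import sys

FAT_TYPES = {"vfat", "msdos"}

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 /boot vfat rw,noatime,fmask=0000,dmask=0000,codepage=437,shortname=mixed 0 0
/dev/sdb1 /mnt/usb vfat rw,relatime,fmask=0022,dmask=0022,codepage=437 0 0
/dev/sdc1 /mnt/ro vfat ro,relatime,fmask=0000,dmask=0000,codepage=437 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
"""


def fat_modes(options):
    """Return (file_mode, dir_mode) implied by fmask/dmask, or None if absent."""
    opts = dict(o.partition("=")[::2] for o in options.split(","))
    if "fmask" not in opts or "dmask" not in opts:
        return None
    # FAT has no per-file permissions: every file gets 0777 minus the mask.
    return 0o777 & ~int(opts["fmask"], 8), 0o777 & ~int(opts["dmask"], 8)


def audit(mounts_text):
    """List (mountpoint, file_mode, dir_mode) for writable, world-writable FAT mounts."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in FAT_TYPES:
            continue
        mountpoint, options = fields[1], fields[3]
        if "ro" in options.split(","):
            continue  # read-only mount: the mask cannot grant write access
        modes = fat_modes(options)
        if modes is None:
            continue
        file_mode, dir_mode = modes
        if (file_mode | dir_mode) & 0o002:
            findings.append((mountpoint, file_mode, dir_mode))
    return findings


if __name__ == "__main__":
    # Pass /proc/mounts as the first argument to audit a live system.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for mp, fm, dm in audit(text):
        print(f"{mp}: files {fm:04o}, dirs {dm:04o} (world-writable)")
```
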
Archived
This topic is now archived and is closed to further replies.