Over Mounting in Linux - UnixDaemon: In search of (a) life

A topic that’s been discussed to great length on one of (many) Linux lists I lurk on has been that of mounting one file over another. It’s easier to show this with an example:

$ cat password
dwilson:password

$ cat fakepassword
attacker:fakepassword

(root) $ mount --bind fake_password password

$ cat password
attacker:fakepassword

While this requires root access (or flimsy mount permissions) to execute, it is a nasty little trick. An ‘ls’ won’t show anything strange but a ‘mount’ command will. It’s also worth noting that this can be done with binary and executable files. ‘root# mount –bind /tmp/attacker_ps /bin/ps’ works as well as the example did.