Mounting floppies

Brandon S. Allbery allbery at ncoast.UUCP
Mon Dec 12 02:37:28 AEST 1988


As quoted from <404 at hropus.UUCP> by jgy at hropus.UUCP (John Young):
+---------------
| > (I [allbery at ncoast] suggest a secure user floppy mounter)
| 
| No, you cannot rely on a system which attempts to stop bad things
| from being done to removable media; the effort should be on defending
| against presumed bad media.
| Therefore you still need your suid (sgid might be better?)
| mount command to check for s(uid|gid)
| programs and either clear them or refuse to mount.
+---------------

This can be done as well; after all, a linear pass through a floppy's ilist
doesn't take very long... and you *do* have a point, since someone could
build a floppy on an unprotected system and set the proper flags on it, etc.
(A mountable user floppy doesn't need suid/sgid files anyway.  Special files
(i.e. character or block devices, but not necessarily FIFOs or Xenix name
files, etc. [and do BSD AF_UNIX sockets bind()'ed to filenames still work
after the last close on the socket?]) would probably cause a refusal to
mount, since otherwise the mount utility needs to know quite a bit more
about the filesystem.)

Now that I think about it, both conditions (my non-modifiability and your
security checking) are necessary, but neither is sufficient by itself.
--Query:  do we need to avoid symlinks as well?  From what I know about
them, it might not be necessary because they can't grant access to otherwise
protected files, but....

BTW, sgid won't work in this case; the kernel returns EPERM if anyone except
root tries to do a mount().

Maybe I'll whip up such a program.  Won't do much for ncoast (no
floppies...) but might be useful on the job.

++Brandon
-- 
Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X
uunet!hal.cwru.edu!ncoast!allbery  <PREFERRED!>	    ncoast!allbery at hal.cwru.edu
allberyb at skybridge.sdi.cwru.edu	      <ALSO>		   allbery at uunet.uu.net
comp.sources.misc is moving off ncoast -- please do NOT send submissions direct
      Send comp.sources.misc submissions to comp-sources-misc@<backbone>.
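
The pre-mount check discussed in this message (a linear pass over the floppy's ilist that refuses the media if it carries suid/sgid or device inodes), sketched as an added example that is not part of the original post or any program by its author. The 64-byte little-endian V7-style inode layout and the names `scan_ilist`, `mount_allowed` and `put_mode` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: V7-style ilist of 64-byte on-disk inodes, each starting with
 * a 16-bit little-endian mode word. Adjust for the real filesystem. */
#define DINODE_SIZE 64
#define M_IFMT  0170000u
#define M_IFCHR 0020000u
#define M_IFBLK 0060000u
#define M_SETID 0006000u  /* S_ISUID | S_ISGID */

/* Counts of offending inodes; malformed = trailing partial inode. */
struct ilist_report { size_t setid, devices; int malformed; };

/* One linear pass over the raw ilist, done before any mount() call. */
struct ilist_report scan_ilist(const uint8_t *ilist, size_t len)
{
    struct ilist_report r = {0, 0, len % DINODE_SIZE != 0};
    for (size_t off = 0; off + DINODE_SIZE <= len; off += DINODE_SIZE) {
        unsigned mode = ilist[off] | ((unsigned)ilist[off + 1] << 8);
        unsigned fmt = mode & M_IFMT;
        if (mode == 0) continue;           /* free inode (assumed) */
        if (mode & M_SETID)
            r.setid++;
        if (fmt == M_IFCHR || fmt == M_IFBLK)
            r.devices++;                   /* FIFOs etc. are not counted */
    }
    return r;
}

/* Policy from the thread: refuse to mount rather than repair the media. */
int mount_allowed(const uint8_t *ilist, size_t len)
{
    struct ilist_report r = scan_ilist(ilist, len);
    return !r.malformed && r.setid == 0 && r.devices == 0;
}

/* Helper for building constructed sample images: set slot i's mode. */
void put_mode(uint8_t *ilist, size_t i, unsigned mode)
{
    ilist[i * DINODE_SIZE] = mode & 0xff;
    ilist[i * DINODE_SIZE + 1] = (mode >> 8) & 0xff;
}

int main(void)
{
    uint8_t img[2 * DINODE_SIZE] = {0};    /* constructed sample ilist */
    put_mode(img, 0, 0100644);             /* plain file */
    put_mode(img, 1, 0104755);             /* suid file: mount is refused */
    return mount_allowed(img, sizeof img) ? 0 : 1;
}
```

A real mounter would read the ilist from the raw device using the bounds in the superblock, and would still have to be installed suid root, since the kernel only lets root call mount().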


