From owner-freebsd-security@FreeBSD.ORG Sun Jun 8 00:28:55 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B0DF237B401 for ; Sun, 8 Jun 2003 00:28:55 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D06243FAF for ; Sun, 8 Jun 2003 00:28:55 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from root@localhost) by lariat.org (8.9.3/8.9.3) id BAA24342 for security@freebsd.org; Sun, 8 Jun 2003 01:28:50 -0600 (MDT) Date: Sun, 8 Jun 2003 01:28:50 -0600 (MDT) From: Brett Glass Message-Id: <200306080728.BAA24342@lariat.org> To: security@freebsd.org Subject: Removable media security in FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Jun 2003 07:28:56 -0000 I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this by customizing the commands). I don't want to open up the floppy and ZIP drives to all users simultaneously, since this would allow anyone to write someone else's removable media. Is there a standard, SECURE way of allowing an unprivileged user at the console to get at removable media that s/he has inserted in the machine? --Brett Glass