From owner-freebsd-questions Wed Feb 10 09:23:46 1999
Return-Path: 
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA23287 for freebsd-questions-outgoing; Wed, 10 Feb 1999 09:23:46 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA23282 for ; Wed, 10 Feb 1999 09:23:43 -0800 (PST) (envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost) by dan.emsphone.com (8.9.1/8.9.1) id LAA47430; Wed, 10 Feb 1999 11:22:44 -0600 (CST)
Date: Wed, 10 Feb 1999 11:22:44 -0600
From: Dan Nelson 
To: Philippe CASIDY 
Cc: gjb@comkey.com.au, freebsd-questions@FreeBSD.ORG
Subject: Re: Mounting CDROM (or removable media) by users
Message-ID: <19990210112243.A47243@dan.emsphone.com>
References: <19990210001221.19077.qmail@alpha.comkey.com.au> <199902101635.RAA03064@greatoak.home>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <199902101635.RAA03064@greatoak.home>; from "Philippe CASIDY" on Wed Feb 10 17:35:55 GMT 1999
X-OS: FreeBSD 3.0-CURRENT
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In the last episode (Feb 10), Philippe CASIDY said:
> Your example is not very relevant because you are comparing two
> different systems and it is very easy to find a workaround. Anyway, I
> like the sudo feature because as far as I understand, you can easily
> choose who can or cannot mount a device.
>
> I just want to know what is the technical reason why by default, only
> root can mount the cdrom.

Because an unscrupulous user could insert a CDrom with a setuid-root sh binary and become root, or they could create a character device with [major,minor] of [2,1] (i.e. /dev/kmem) with world-write permissions, and become root by twiddling the kernel memory. Or they could insert a cdrom/floppy with an intentionally invalid filesystem on it and panic the system.
If you limit mount() access to people who are already root, this isn't a problem. You could alter the mount() syscall to force "noexec, nosuid, nodev" whenever a non-root user tries to mount anything, but don't come running to us when he goes and mounts a cdrom on top of /bin or /tmp or something :)

The best solution to the "user wants to mount a floppy/cdrom" problem is to make a sudo wrapper that mounts a device in a predetermined place, with the noexec, nosuid, and nodev flags turned on, and provide a separate wrapper for unmounting.

-Dan Nelson
dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
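As an added illustration of the wrapper scheme Dan sketches (this is example code, not anything posted in the thread), here is a single POSIX sh script meant to be installed under two names, `mountcd` and `umountcd`, and permitted via sudo. It fixes the device, the mount point and the `noexec,nosuid,nodev` flags so the caller can choose neither what is mounted nor where; the device names, mount points, filesystem types and sudoers line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original mail): sudo wrappers for mounting
# removable media at a fixed place with noexec, nosuid and nodev forced on.
# Install this file as both "mountcd" and "umountcd" (hard link or copy)
# and allow only those paths in sudoers, for example:
#   %operator ALL = (root) NOPASSWD: /usr/local/sbin/mountcd, /usr/local/sbin/umountcd
# Device names, mount points and filesystem types below are assumptions.

# Allowlist: short media name -> "device mountpoint fstype ro|rw".
# Anything else is rejected, so a caller can name neither an arbitrary
# device node nor an arbitrary target directory such as /bin or /tmp.
media_spec() {
    case "$1" in
        cdrom)  echo "/dev/acd0c /cdrom cd9660 ro" ;;
        floppy) echo "/dev/fd0 /floppy msdos rw" ;;
        *)      return 1 ;;
    esac
}

# Build the mount command with noexec, nosuid and nodev hard-coded, so a
# setuid binary or device node on the media is inert. Positional
# parameters are local to a shell function, so "set --" is safe here.
build_mount_cmd() {
    spec=$(media_spec "$1") || return 1
    set -- $spec
    echo "mount -t $3 -o $4,noexec,nosuid,nodev $1 $2"
}

# The separate unmount wrapper only ever touches the fixed mount point.
build_umount_cmd() {
    spec=$(media_spec "$1") || return 1
    set -- $spec
    echo "umount $2"
}

# Dispatch on the name the script was invoked as; sourcing or running it
# under any other name only defines the functions above.
case "${0##*/}" in
    mountcd)  cmd=$(build_mount_cmd "${1:-cdrom}") || { echo "mountcd: unknown media '$1'" >&2; exit 2; }
              exec $cmd ;;
    umountcd) cmd=$(build_umount_cmd "${1:-cdrom}") || { echo "umountcd: unknown media '$1'" >&2; exit 2; }
              exec $cmd ;;
esac
```

Because the wrapper runs as root only through sudo's fixed command path, users get exactly the two operations intended and nothing that takes a device or directory of their choosing.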