Date:      Mon, 3 Apr 2006 08:36:01 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Joe Marcus Clarke <marcus@FreeBSD.org>
Cc:        hackers@FreeBSD.org
Subject:   Re: RFC: Adding a ``user'' mount option
Message-ID:  <20060403063601.GB852@zaphod.nitro.dk>
In-Reply-To: <1144042356.824.16.camel@shumai.marcuscom.com>
References:  <1144042356.824.16.camel@shumai.marcuscom.com>

On 2006.04.03 01:32:36 -0400, Joe Marcus Clarke wrote:
> I know we have vfs.usermount, but this is not always sufficient since
> the user has to own the mount point in question.  What I propose is to
> add a ``user'' mount option à la Linux.  This would make mount and
> umount setuid root, but would allow much more flexibility when it comes
> to removable media and desktop systems.

Any reason you can't just use sudo... ?  I simply have lines like:

simon   ALL=NOPASSWD:/sbin/mount /mnt/cdrom,/sbin/umount /mnt/cdrom

in my sudoers file [1].  This way I can also restrict exactly who can
mount.

I really dislike setuid root binaries, so I really prefer if we could
avoid adding more.

As Colin noted, if this is to be done via a setuid program, it
probably should be a new program, since setuid programs have to have a
lot of special handling of things like file descriptors etc. which
normal programs can safely ignore.

[1] Note I haven't checked if this opens new and interesting holes,
but it doesn't matter too much on my laptop, since if somebody has
access to "simon" that's just as bad as someone getting root.

-- 
Simon L. Nielsen
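
The file-descriptor handling mentioned in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: before a setuid helper opens anything, it makes sure descriptors 0-2 are open and closes every other descriptor it inherited from its unprivileged caller. The function names and the loop bound are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Ensure fds 0, 1 and 2 are open. If the caller started us with one of them
 * closed, the next file we open would receive that number, and anything
 * written to "stderr" would land in that file. Returns the number of
 * descriptors repaired, or -1 on failure. */
int sanitize_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;                       /* descriptor is already open */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {                    /* lowest free fd must be `fd` */
            close(nfd);
            return -1;                      /* fail closed */
        }
        repaired++;
    }
    return repaired;
}

/* Close every inherited descriptor >= lowfd so the privileged code does not
 * keep files or sockets the caller opened. Returns how many were closed.
 * The 65536 bound is an example cap (assumption); FreeBSD's closefrom(3)
 * does this job without a loop. */
int close_extra_fds(int lowfd)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;
    int closed = 0;
    for (int fd = lowfd; fd < max; fd++)
        if (close(fd) == 0)
            closed++;
    return closed;
}

int main(void)
{
    if (sanitize_std_fds() == -1)
        return 1;
    close_extra_fds(3);
    puts("descriptors sanitised; privileged work may start");
    return 0;
}
```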
