From: zk
Date: Mon, 9 Jun 2003 15:39:31 +0200
To: security@freebsd.org
Cc: Robert Watson
Subject: Re: Removable media security in FreeBSD
Message-ID: <20030609133931.GA471@hhos.serious.ld>
References: <20030608080429.GA234@hhos.serious.ld>

On Sun, Jun 08, 2003 at 11:57:04AM -0400, Robert Watson wrote:
>
> If the definition of the policy really means "any user who can log in at
> the console", I'd change the chown/chmod bits to a pointer to fbtab, and
> use vfs.usermount.
>

The problem with fbtab: I want to give mount permission to some console
user and not to the other. And what about xdm? Is there any solution
besides changing scripts in /usr/X11R6/lib/X11/xdm?

> On the "SECURE" front -- well, it depends a bit on how robust our file
> system support is.  Bad UFS file systems can cause the FreeBSD kernel to
> behave improperly, since it's assumed that file systems will be clean or
> explicitly checked before mounting.  I've never really experimented much
> with our FAT file system support to see how robust it is; we have a
> 5.2-RELEASE TODO list item to merge some robustness improvements from the
> Darwin implementation back into FreeBSD, which suggests our implementation
> could be improved on :-).  I believe our usermount support carefully sets
> nodev, nosuid, etc, on any file systems mounted by root, but haven't
> tested that in a bit.
>