From owner-freebsd-security@FreeBSD.ORG Sun Jun 8 01:04:33 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C57837B401 for ; Sun, 8 Jun 2003 01:04:33 -0700 (PDT) Received: from ip-213-17-211-16.broker.com.pl (ip-213-17-211-16.broker.com.pl [213.17.211.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id F373B43F85 for ; Sun, 8 Jun 2003 01:04:31 -0700 (PDT) (envelope-from zk@wspim.edu.pl) Received: from hhos.serious.ld (localhost.serious.ld [127.0.0.1]) h5884Uaw000530; Sun, 8 Jun 2003 10:04:30 +0200 (CEST) (envelope-from zk@wspim.edu.pl) Received: (from zk@localhost) by hhos.serious.ld (8.12.8p1/8.12.8/Submit) id h5884Tm7000529; Sun, 8 Jun 2003 10:04:29 +0200 (CEST) Date: Sun, 8 Jun 2003 10:04:29 +0200 From: zk To: Brett Glass Message-ID: <20030608080429.GA234@hhos.serious.ld> References: <200306080728.BAA24342@lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200306080728.BAA24342@lariat.org> User-Agent: Mutt/1.4.1i cc: security@freebsd.org Subject: Re: Removable media security in FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Jun 2003 08:04:33 -0000 On Sun, Jun 08, 2003 at 01:28:50AM -0600, Brett Glass wrote: > since this would allow anyone to write someone else's removable media. Is > there a standard, SECURE way of allowing an unprivileged user at the console > to get at removable media that s/he has inserted in the machine? > Create group floppy, chown 0:floopy /dev/floppy*, chmod g+rw /dev/fd0* and add user to group floppy. And vfs.usermount=1 zk