From owner-freebsd-security@FreeBSD.ORG  Mon Jun  9 10:17:07 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id AF14A37B401; Mon,  9 Jun 2003 10:17:07 -0700 (PDT)
Received: from arthur.nitro.dk (port324.ds1-khk.adsl.cybercity.dk
	[212.242.113.79])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8128E43FDF; Mon,  9 Jun 2003 10:17:06 -0700 (PDT)
	(envelope-from simon@arthur.nitro.dk)
Received: by arthur.nitro.dk (Postfix, from userid 1000)
	id 718C810BF8D; Mon,  9 Jun 2003 19:17:04 +0200 (CEST)
Date: Mon, 9 Jun 2003 19:17:04 +0200
From: "Simon L. Nielsen" <simon@nitro.dk>
To: zk <zk@wspim.edu.pl>
Message-ID: <20030609171703.GB405@nitro.dk>
References: <20030608080429.GA234@hhos.serious.ld>
	<Pine.NEB.3.96L.1030608115332.67632D-100000@fledge.watson.org>
	<20030609133931.GA471@hhos.serious.ld>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="qcHopEYAB45HaUaB"
Content-Disposition: inline
In-Reply-To: <20030609133931.GA471@hhos.serious.ld>
User-Agent: Mutt/1.5.4i
cc: Robert Watson <rwatson@freebsd.org>
cc: security@freebsd.org
Subject: Re: Removable media security in FreeBSD
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jun 2003 17:17:08 -0000


--qcHopEYAB45HaUaB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2003.06.09 15:39:31 +0200, zk wrote:
> On Sun, Jun 08, 2003 at 11:57:04AM -0400, Robert Watson wrote:
> >=20
> > If the definition of the policy really means "any user who can log in at
> > the console", I'd change the chown/chmod bits to a pointer to fbtab, and
> > use vfs.usermount.
> >=20
> The problem with fbtab: i want to give mount permission to some console u=
ser
> and not to the other.

Sounds like something sudo can solve - /usr/ports/security/sudo.

--=20
Simon L. Nielsen

--qcHopEYAB45HaUaB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE+5MEP8kocFXgPTRwRApnrAJ9v696c6HmY6aJee4JJ6bxwsow0eQCeP9lL
WC2AmSEcRGNFvlk3hkGsOBU=
=m6+L
-----END PGP SIGNATURE-----

--qcHopEYAB45HaUaB--