Date: Mon, 3 Jul 2000 16:30:45 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Brad Knowles <blk@skynet.be> Cc: Vivek Khera <khera@kciLink.com>, freebsd-stable@FreeBSD.ORG Subject: Re: fstab mount options Message-ID: <20000703163045.A248@dialin-client.earthlink.net> In-Reply-To: <v0422082db586be8b6c6b@[195.238.1.121]>; from blk@skynet.be on Tue, Jul 04, 2000 at 12:07:32AM %2B0200 References: <m266qmc43b.fsf@reader.ptw.com> <14689.1084.894512.504331@onceler.kcilink.com> <v0422082db586be8b6c6b@[195.238.1.121]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 04, 2000 at 12:07:32AM +0200, Brad Knowles wrote: > At 5:23 PM -0400 2000/7/3, Vivek Khera wrote: > > > # allow CD-ROM and ZIP drive user-mounting. > > for i in /dev/*acd0* /cdrom /dev/*da0* /zip > > do > > chmod 0755 $i > > chown $USER $i > > done > > So, if you happen to have any regular fixed disks that are > /dev/*da0* (e.g., the ones that /, /usr, /var, etc... are on), you > will allow unprivileged users to mount them, presumably unmount them, > and otherwise muck about with them however they want?!? Moof! > > > I hope that this is on a machine that is effectively single-user > (i.e., just you), and not one that allows anyone else to ever log > in.... From the comment, I would say he has a SCSI Zip drive. The same line could apply to Jaz, an ancient Bernoull, or the like. The risk I see is does this method let users mount with setuid? -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000703163045.A248>