Date: Mon, 9 Jun 2003 16:54:27 -0600 (MDT)
From: Brett Glass <brett@lariat.org>
To: mike@adept.org, security@freebsd.org
Subject: Re: Removable media security in FreeBSD
Message-ID: <200306092254.QAA10240@lariat.org>
In-Reply-To: <20030609140347.B13040@fubar.adept.org>

Sorry not to have replied to some of the responses in this thread, but things have been extraordinarily busy here. Alas, none of the approaches that have been mentioned so far are quite what I need (though it might be possible to adapt them to work). Here's why:

/etc/fbtab is fine for text logins, but (as far as I know) isn't consulted by kdm or similar desktop managers.

Allowing the user to use sudo would effectively be giving him/her root privileges, which we explicitly don't want to do.

If the desktop manager can be set up to change ownerships, etc., upon login, it would help. One response mentioned that this could be done for xdm, but I don't know if kdm has the same capability. I also don't know how to obtain the user name and device information from the environment -- and/or someplace else -- if I create a script to do this. (While the device information could be in /etc/fstab -- in entries with the noauto option set -- the script would need to consult a table to know which devices the user should own for the duration of the session. Clearly, there should be a standard place for this information so that administrators can find and edit it.)

In the end, we just want the person who's logged in via an X desktop manager at the console to be able to use the removable media and not have that media spied upon by other users who might not be at the console (which is why I started this thread on -security; there are plenty of insecure ways to do it, but I need to implement a secure way). I'm thinking of having them mounted at ~/floppy and ~/zip, which we'd create in advance in each user's home directory, or just at /floppy and /zip... comments on the pluses and minuses of these two approaches are welcomed. In either case, the console user should own them and the underlying raw devices for the duration of the login.

A scheme that's compatible with KDE's built-in mounting and unmounting utilities would be a plus. (They were designed for Linux, and the current FreeBSD port of KDE doesn't change the mount and umount command formats to work with BSD.... Perhaps the final scheme could be integrated into the FreeBSD port of KDE and other desktops.) As I recall, Red Hat does something like this, but I'm not sure exactly how.

--Brett
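
The table-driven ownership step asked about in the message above, sketched as an added example; it is not part of the original message and is not FreeBSD or KDE code. Assumptions: the two-column table format, the function names `plan_console_media` and `demo`, the sample device names, and a root-run login hook that supplies the user name. The script only prints the commands such a hook would run.

```shell
#!/bin/sh
# plan_console_media USER TABLE FSTAB
# Prints a chown/chmod pair for each device that is listed in TABLE and also
# marked noauto in FSTAB. Returns 1 without output on an unsafe user name.
plan_console_media() {
    user=$1 table=$2 fstab=$3
    # Accept only a plain account name; nothing else may reach a command line.
    case $user in
        ''|*[!a-z0-9_-]*|-*) return 1 ;;
    esac
    # Hypothetical table format: "<device> <mountpoint>", '#' starts a comment.
    grep -v '^[[:space:]]*#' "$table" | while read -r dev mnt; do
        [ -n "$dev" ] && [ -n "$mnt" ] || continue
        # Skip entries containing characters outside a plain path.
        case $dev$mnt in *[!A-Za-z0-9/_.-]*) continue ;; esac
        # Act only when fstab has the same device and mount point with noauto,
        # so a stray table line cannot hand over a system disk.
        awk -v d="$dev" -v m="$mnt" '
            $1 == d && $2 == m && $4 ~ /(^|,)noauto(,|$)/ { found = 1 }
            END { exit !found }' "$fstab" || continue
        printf 'chown %s %s %s\n' "$user" "$dev" "$mnt"
        # Mode 0600 on the device node keeps other users from reading the
        # media through the raw device.
        printf 'chmod 0600 %s\n' "$dev"
    done
}

# Constructed sample data (not from the message), written to a temp dir.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# device mountpoint' '/dev/fd0 /floppy' \
        '/dev/afd0s4 /zip' '/dev/ad0s1a /' > "$d/table"
    printf '%s\n' '/dev/ad0s1a / ufs rw 1 1' \
        '/dev/fd0 /floppy msdos rw,noauto 0 0' \
        '/dev/afd0s4 /zip msdos rw,noauto 0 0' > "$d/fstab"
    rc=0
    plan_console_media "$1" "$d/table" "$d/fstab" || rc=$?
    rm -rf "$d"
    return $rc
}
```

A matching logout hook would print the reverse commands, returning the same devices to root.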