From owner-freebsd-security@FreeBSD.ORG Mon Jun 9 17:56:41 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E54DA37B404 for ; Mon, 9 Jun 2003 17:56:41 -0700 (PDT) Received: from gunjin.wccnet.org (gunjin.wccnet.org [198.111.176.99]) by mx1.FreeBSD.org (Postfix) with ESMTP id 243BB43F3F for ; Mon, 9 Jun 2003 17:56:41 -0700 (PDT) (envelope-from anthony@gunjin.wccnet.org) Received: from gunjin.wccnet.org (localhost.rexroof.com [127.0.0.1]) by gunjin.wccnet.org (8.12.3/8.12.2) with ESMTP id h5A12Qsn043230; Mon, 9 Jun 2003 21:02:26 -0400 (EDT) Received: (from anthony@localhost) by gunjin.wccnet.org (8.12.3/8.12.3/Submit) id h5A12Q8U043229; Mon, 9 Jun 2003 21:02:26 -0400 (EDT) Date: Mon, 9 Jun 2003 21:02:25 -0400 From: Anthony Schneider To: Brett Glass Message-ID: <20030610010225.GA42913@x-anthony.com> References: <200306080728.BAA24342@lariat.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" Content-Disposition: inline In-Reply-To: <200306080728.BAA24342@lariat.org> User-Agent: Mutt/1.4i cc: security@freebsd.org Subject: Re: Removable media security in FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jun 2003 00:56:42 -0000 --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable if devfs supports (or soon will support) filesystem ACLs, that might be the way to go. obviously this won't get around the "trusted media" problem... -Anthony. On Sun, Jun 08, 2003 at 01:28:50AM -0600, Brett Glass wrote: > I'm working with a FreeBSD user -- a teacher -- who's running KDE on a sy= stem > on which she neither has nor wants root privileges. She wants to be able = to > mount and unmount floppies and ZIP cartridges from within KDE, using the > standard KwikDisk utility (which, by the way, generates mount and unmount > command that don't conform to FreeBSD syntax; however, it appears possible > to fix this by customizing the commands). >=20 > I don't want to open up the floppy and ZIP drives to all users simultaneo= usly, > since this would allow anyone to write someone else's removable media. Is > there a standard, SECURE way of allowing an unprivileged user at the cons= ole > to get at removable media that s/he has inserted in the machine? >=20 > --Brett Glass >=20 > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" --W/nzBZO5zC0uMSeA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+5S4gKUeW47UGY2kRAqRPAJ9v+hkqyT+tMdw3W2+cTpPw8za3ewCdHbqk KpC5MydVwoycYCYyyYGr/Ng= =Eu66 -----END PGP SIGNATURE----- --W/nzBZO5zC0uMSeA--