From owner-freebsd-bugs Mon Jan 26 15:30:02 1998
Message-Id: <199801261825.SAA01299@stealth.ct.picker.com>
Date: Mon, 26 Jan 1998 18:25:02 GMT
From: rhh@ct.picker.com
Reply-To: rhh@ct.picker.com
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: rhh@ct.picker.com
X-Send-Pr-Version: 3.2
Subject: bin/5575: mount_msdos won't run setuid-root

>Number: 5575
>Category: bin
>Synopsis: mount_msdos won't run setuid root
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 26 15:30:00 PST 1998
>Last-Modified:
>Originator: Randall Hopper
>Organization: self
>Release: FreeBSD 3.0-971208-SNAP i386
>Environment:
Stock 3.0-971208-SNAP system
>Description:
The topic pretty well says it all. Users of machines with shared
resources such as floppy and ZIP disk drives shouldn't have to be given
root to mount these removable media.
Also for users of dedicated FreeBSD machines, it is more convenient for
users not to have to su to root to mount removable media.
>How-To-Repeat:
This Perl script demonstrates the problem. UFSs will mount fine setuid
root. DOS FAT FSs won't. Change /dev/sd0s4 to the path of any FAT slice:

    #!/usr/bin/suidperl -w

    # Fixed, trusted environment for the setuid (taint-checked) script
    $ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/sbin';
    $ENV{'SHELL'} = '/bin/sh' if defined $ENV{'SHELL'};
    $ENV{'IFS'} = '' if defined $ENV{'IFS'};

    chdir( "/" );

    # Try the UFS slice first, then the FAT slice; die if neither mounts
    ( !system( "mount /dev/sd0s1 /zip" ) &&
        print "UFS /zip mounted\n" ) ||
    ( !system( "mount -t msdos /dev/sd0s4 /zip" ) &&
        print "DOS /zip mounted\n" ) ||
    die "Mount failed\n";

>Fix:
The best solution might be for FreeBSD to implement a mechanism for
granting mount access to groups on a per-device basis. Short of that
though, all mount commands should be accessible through setuid scripts,
and access control can be implemented via the ownership and permissions
on these mount scripts.

Presently no work-around known on 3.0-current. Must su to mount FAT
partitions.
>Audit-Trail:
>Unformatted: