From owner-freebsd-hackers Thu Sep 2 9:50:36 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from ewok.creative.net.au (ewok.creative.net.au [203.30.44.41]) by hub.freebsd.org (Postfix) with SMTP id D0D7014D87 for ; Thu, 2 Sep 1999 09:50:31 -0700 (PDT) (envelope-from adrian@freebsd.org) Received: (qmail 15515 invoked by uid 1008); 2 Sep 1999 16:49:11 -0000 From: adrian@freebsd.org Date: Fri, 3 Sep 1999 00:49:11 +0800 To: freebsd-hackers@freebsd.org Subject: Re: [mount.c]: Option "user"-patch Message-ID: <19990903004910.D1215@ewok.creative.net.au> References: <199909021638.LAA72898@galileo.physics.purdue.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <199909021638.LAA72898@galileo.physics.purdue.edu>; from Andrew J. Korty on Thu, Sep 02, 1999 at 11:38:41AM -0500 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Sep 02, 1999, Andrew J. Korty wrote: > > > You realise that this kind of stuff can be done in kernelspace, > > > without needing yet another setuid binary/binaries.. > > > > Well, sysctl with list of pathes for user mounts looks good. > > Configuration is simple and can be easliy changed at runtime. It is > > always better to avoid setuid'ed binaries, this is more worse that > > mount(8) can execute other mount_* binaries. > > My code provides needed features that all implementations I've seen > of the sysctl approach do not. Our users need to mount removable > volumes just by clicking on a KDE icon, without having to know what > type of filesystem is present on the media. Non-console users > should not be permitted to mount removable volumes. Both of these > features are provided by my patch, which I have had in production > since I submitted it. There are saner ways than using a suid binary. Countering your arguement.. sysctl -w vfs.usermount="/floppy:/cdrom" And they can mount/umount at whim if they own the mountpoint/have done the mount (and the permission checking can be extended to suit..) Then all you need to do is think of a sane way to chown console devices (floppy, cdrom, etc..) to the user when they login? Perhaps an extension to login/xdm/whatever kde uses ? All I'm saying is there has to be a better way to solve a problem using an iron pole, regardless of whether its first stuck inside a nerf dart. Adrian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message