Date:      Wed, 21 Apr 1999 23:42:59 -0400 (EDT)
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        jorge@salk.edu (Jorge Aldana)
Cc:        dwhite@resnet.uoregon.edu, freebsd-questions@FreeBSD.ORG
Subject:   Re: Users mounting CD's or Audio CD's
Message-ID:  <199904220342.XAA14494@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.BSF.3.96.990421144013.2782J-100000@davinci.salk.edu> from Jorge Aldana at "Apr 21, 99 02:44:08 pm"

Jorge Aldana wrote,
> Yes, but which permissions need to be set on what? I'd like to do this and
> avoid any security holes if possible. 

To play an audio disc, all you need is read access to the
device. Simply doing,

# chmod 644 /dev/*wcd0*

will make 'cdcontrol' or 'xcdplayer' work[0]. There are really no
security holes here except that anyone on the system can now read the
device (which is what you want).

> I've seen code that uses setgid? or setuid? to do this but I'm not sure I
> want to go down that road if there is an official way of doing this with
> FreeBSD. Also, others have mentioned super? but I still get permissions
> errors?

In order to actually mount(1) a CD as a filesystem, you do need root
permissions. Setting suid or sgid bits on 'mount' is _not_ recommended
since mount was not meant to operate in this way. Using 'sudo' does
introduce potential security problems in itself, but the biggest hole
of all is the fact people can mount disks! Someone could write a
binary that does _ANYTHING_ they want on a system they control, give
it a suid bit as root, then burn it on a CD. When they mount that CD,
they now have successfully gained root access to your system via the
suid binary on the CD[1].

That's why mount is root only in the first place.

[0] Strictly speaking, you may be able to get away with only allowing
    reads of /dev/wcd0c, but I have not done the checking. If you give
    read permission to wcd0c, I don't see how 'a' or the uncooked
    devices would hurt security more.

[1] Yes, you can force a mount command to ignore suid, but that is
    beyond the scope of this mail. It'd be tricky to plug all of the
    holes there still.
-- 
Crist J. Clark                           cjclark@home.com
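
Footnote [1] refers to mounting with setuid bits ignored; in mount(8) that is the `nosuid` option. As an added example (not part of the original mail), this shell function reads fstab(5)-format lines and lists removable-media mount points whose options lack `nosuid`; the sample table, the list of filesystem types and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag removable-media filesystems that would honour setuid bits.
# Input is fstab(5)-format text: device mountpoint fstype options dump pass.

# Filesystem types treated as removable media here (an assumption; adjust as needed).
REMOVABLE_TYPES="cd9660 udf msdosfs"

# audit_nosuid: read fstab-format lines on stdin and print the mount point of
# every removable-media entry whose option list does not contain "nosuid".
audit_nosuid() {
    while read -r dev mnt fstype opts _rest; do
        # Skip blank lines and comments.
        case "$dev" in ''|\#*) continue ;; esac
        # Only look at the filesystem types listed above.
        case " $REMOVABLE_TYPES " in *" $fstype "*) ;; *) continue ;; esac
        # Match nosuid as a whole comma-separated option, not as a substring.
        case ",$opts," in
            *,nosuid,*) ;;
            *) printf '%s\n' "$mnt" ;;
        esac
    done
}

# Constructed sample input (not taken from a real system). The last entry
# carries a deliberately misspelled option to show whole-option matching.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options             Dump Pass
/dev/wd0s1a     /           ufs     rw                  1    1
/dev/wcd0c      /cdrom      cd9660  ro,noauto           0    0
/dev/wcd1c      /cdrom1     cd9660  ro,noauto,nosuid    0    0
/dev/fd0        /floppy     msdosfs rw,noauto,nosuidx   0    0
EOF
}

sample_fstab | audit_nosuid
```

On FreeBSD, `mount -p` prints the currently mounted filesystems in fstab format, so `mount -p | audit_nosuid` applies the same check to live mounts.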

