From owner-freebsd-questions Wed Apr 21 20:45:35 1999
From: "Crist J. Clark"
Message-Id: <199904220342.XAA14494@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: Users mounting CD's or Audio CD's
To: jorge@salk.edu (Jorge Aldana)
Date: Wed, 21 Apr 1999 23:42:59 -0400 (EDT)
Cc: dwhite@resnet.uoregon.edu, freebsd-questions@FreeBSD.ORG
Reply-To: cjclark@home.com

Jorge Aldana wrote,
> Yes, but which permissions need to be set on what? I'd like to do this and
> avoid any security holes if possible.

To play an audio disc, all you need is read access to the device.
Simply doing,

  # chmod 644 /dev/*wcd0*

Will make 'cdcontrol' or 'xcdplayer' work[0]. There are really no
security holes here except that anyone on the system can now read the
device (which is what you want).

> I've seen code that uses setgid? or setuid? to do this but I'm not sure I
> want to go down that road if there is an official way of doing this with
> FreeBSD. Also, others have mentioned super? but I still get permissions
> errors?

In order to actually mount(1) a CD as a filesystem, you do need root
permissions. Setting suid or sgid bits on 'mount' is _not_ recommended
since mount was not meant to operate in this way.

Using 'sudo' does introduce potential security problems in itself, but
the biggest hole of all is the fact people can mount disks! Someone
could write a binary that does _ANYTHING_ they want on a system they
control, give it a suid bit as root, then burn it on a CD. When they
mount that CD, they now have successfully gained root access to your
system via the suid binary on the CD[1]. That's why mount is root only
in the first place.

[0] Strictly speaking, you may be able to get away with only allowing
reads of /dev/wcd0c, but I have not done the checking. If you give
read permission to wcd0c, I don't see how 'a' or the uncooked devices
would hurt security more.

[1] Yes, you can force a mount command to ignore suid, but that is
beyond the scope of this mail. It'd be tricky to plug all of the holes
there still.
--
Crist J. Clark                           cjclark@home.com
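
Footnote [1] above mentions mounting with suid ignored. The sketch below is an added example, not part of the original mail: it reads fstab-format text and reports removable-media entries that lack the `nosuid` mount option. The function names, the list of filesystem types and the sample fstab are assumptions constructed for illustration, and the check covers only that one flag.

```shell
#!/bin/sh
# Added example: audit fstab-format text (on stdin) for removable or
# foreign-media filesystems that are not mounted with the nosuid option.
audit_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments and incomplete lines
        {
            fstype = $3
            # Assumption: these types hold media written outside this host.
            if (fstype != "cd9660" && fstype != "msdos" &&
                fstype != "msdosfs" && fstype != "udf")
                next
            # Match nosuid as a whole option, not as a substring.
            n = split($4, opts, ",")
            nosuid = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nosuid") nosuid = 1
            if (!nosuid)
                printf "%s %s (%s): missing nosuid, options=%s\n", $1, $2, fstype, $4
        }
    '
}

# Constructed sample fstab; device names follow the wcd0 naming in the mail.
sample_fstab() {
cat <<'EOF'
# Device      Mountpoint  FStype  Options            Dump Pass
/dev/wd0s1a   /           ufs     rw                 1    1
/dev/wcd0c    /cdrom      cd9660  ro,noauto          0    0
/dev/wcd1c    /cdrom1     cd9660  ro,noauto,nosuid   0    0
/dev/fd0      /floppy     msdos   rw,noauto          0    0
EOF
}

# Report the entries in the sample that would honour suid bits on the media.
sample_fstab | audit_fstab
```

On a live host the same function can be fed the real table with `audit_fstab < /etc/fstab`.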