Date: Fri, 27 Apr 2012 19:48:20 -0400 From: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com> To: FreeBSD Current <current@freebsd.org> Subject: Mounting removable devices Message-ID: <CAOgwaMvB7YYAVrjhWGwaY6jXBib5mpEVpqE4uLqY0iDdXyphRg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Dear All , To mount removable devices , a user ( NOT root ) requires the following parameter vfs.usermount=1 in /etc/sysctl.conf . A warning is specified in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/usb-disks.html about its security vulnerabilities . Instead of using vfs.usermount=1 for this purpose , a new parameter may be defined as follows : vfs.removablemount=1 . If vfs.usermount=1 is found in /etc/sysctl.conf , then vfs.removablemount=1 may be assumed , if it is not present in /etc/sysctl.conf . I prefer separate usage : vfs.usermount=1 for ONLY fixed devices , vfs.removablemount=1 for ONLY removable devices . A developer knowing the usage of vfs.usermount in FreeBSD sources may easily implement vfs.removablemount . Such an implementation will fix security vulnerability caused by using vfs.usermount=1 for removable devices . Sometimes , it may be necessary to restrict mount of removable devices due to security requirements . Therefore , supplying a vfs.removablemount= { 0 or 1 } may be a useful improvement . I am NOT able to supply a patch about this because I do NOT know sources sufficiently well . Thank you very much . Mehmet Erol Sanliturk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOgwaMvB7YYAVrjhWGwaY6jXBib5mpEVpqE4uLqY0iDdXyphRg>