From: Mehmet Erol Sanliturk
To: FreeBSD Current
Date: Fri, 27 Apr 2012 19:48:20 -0400
Subject: Mounting removable devices
List-Id: Discussions about the use of FreeBSD-current

Dear All,

To mount removable devices, a user (NOT root) requires the following parameter vfs.usermount=1 in /etc/sysctl.conf.
A warning is specified in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/usb-disks.html about its security vulnerabilities.

Instead of using vfs.usermount=1 for this purpose, a new parameter may be defined as follows: vfs.removablemount=1.

If vfs.usermount=1 is found in /etc/sysctl.conf, then vfs.removablemount=1 may be assumed, if it is not present in /etc/sysctl.conf.

I prefer separate usage: vfs.usermount=1 for ONLY fixed devices, vfs.removablemount=1 for ONLY removable devices.

A developer knowing the usage of vfs.usermount in the FreeBSD sources may easily implement vfs.removablemount.

Such an implementation will fix the security vulnerability caused by using vfs.usermount=1 for removable devices.

Sometimes, it may be necessary to restrict the mounting of removable devices due to security requirements. Therefore, supplying a vfs.removablemount={0 or 1} may be a useful improvement.

I am NOT able to supply a patch for this because I do NOT know the sources sufficiently well.

Thank you very much.

Mehmet Erol Sanliturk