Date: 04 Jun 1999 22:53:45 +0200
From: Juergen Nickelsen <jnickelsen@acm.org>
To: "William Woods" <wwoods@cybcon.com>
Cc: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject: Re: mount options......
Message-ID: <x7so87n0va.fsf@goting.jn.berlin.snafu.de>
In-Reply-To: "William Woods"'s message of "Wed, 2 Jun 1999 17:33:06 -0700"
References: <000401bead58$a615b3c0$124b93cd@william>
"William Woods" <wwoods@cybcon.com> writes on freebsd-questions:

> When I do a mount_msdos /dev/da0s4 /zip (This is my parallel zip) as
> root it is fine but I can't do it as a user, it says operation not
> permitted

Only the superuser can mount file systems. To enable this for regular
users, you can call mount(8) from a setuid-root wrapper program which
sets up the correct parameters etc. This has of course, like every
setuid program, potential security problems. Some time ago I wrote a
"generic" mount wrapper program that tries to address these problems;
it is appended below.

With the appropriate parameterization (see the Makefile) several
mount/umount programs can be generated from this source; as it is, the
Makefile builds mountcd and umountcd.

I think the program is nearly(*) free of security holes; if you
discover any, please contact me. BSD license is implied, i.e. use at
your *own* risk.

(*) A denial-of-service attack is possible: according to the manual
    page of mount(8), mounting a corrupt file system may cause a
    system crash.

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# Makefile
# suidmount.c
#
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
XCC = gcc -Wall -Wstrict-prototypes
XPROGRAMS = mountcd umountcd # mountmo umountmo mountcdfs
XSOURCE = suidmount.c
XINSTDIR = /usr/local/bin
XCDDEFS = -DMOUNT_DEV='"/dev/cd0c"' -DMOUNT_DIR='"/cdrom"' -DCDFS -DREADONLY
XCFLAGS = -s -DPROGRAM='"$@"'
X
Xall: $(PROGRAMS)
X
Xmountcd : $(SOURCE)
X	$(CC) $(CFLAGS) -o $@ $(CDDEFS) $(SOURCE)
X
Xumountcd : $(SOURCE)
X	$(CC) $(CFLAGS) -o $@ $(CDDEFS) -DDO_UMOUNT $(SOURCE)
X
Xinstall: $(PROGRAMS)
X	for i in $(PROGRAMS) ; do \
X		cp $$i /usr/local/bin ; \
X		chown root /usr/local/bin/$$i ; \
X		chmod 4755 /usr/local/bin/$$i ; \
X	done
X
Xclean :
X	rm -f *~ core $(PROGRAMS)
END-of-Makefile
echo x - suidmount.c
sed 's/^X//' >suidmount.c << 'END-of-suidmount.c'
X/* suidmount.c -- call mount(8) setuid root in a secure way. */
X
X#include <unistd.h>
X#include <stdio.h>
X
X#define MOUNT "/sbin/mount"
X#define UMOUNT "/sbin/umount"
X
Xchar *environment[] = { "PATH=/bin:/usr/bin", 0 } ;
X#ifndef DO_UMOUNT
Xchar *argv_mount[] = { MOUNT,
X#ifdef CDFS
X                       "-t", "cd9660",
X#endif /* CDFS */
X#ifdef READONLY
X                       "-r",
X#endif
X                       "-o", "nosuid",
X                       MOUNT_DEV,
X                       MOUNT_DIR, 0 } ;
X#endif /* ! DO_UMOUNT */
Xchar *argv_umount[] = { UMOUNT, MOUNT_DIR, 0 } ;
X
X
Xint main(int argc, char **argv)
X{
X#ifdef DO_UMOUNT
X    execve(UMOUNT, argv_umount, environment) ;
X    perror(PROGRAM ": exec " UMOUNT) ;
X#else
X    execve(MOUNT, argv_mount, environment) ;
X    perror(PROGRAM ": exec " MOUNT) ;
X#endif
X    return 1 ;
X}
X
X/* EOF */
END-of-suidmount.c
exit
--
Juergen Nickelsen
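
The wrapper in the message above passes a compile-time argv and environment to execve(2) and never reads its own argv or environ. As an added example that is not part of the original message or of suidmount.c, the program below makes that observable without root: /usr/bin/env stands in for /sbin/mount (an assumption), and run_with_fixed_env and DEMO_HOSTILE are hypothetical names.

```c
/* Added illustration, not part of suidmount.c: /usr/bin/env stands in for
 * /sbin/mount (an assumption) so the effect is visible without root. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#define HELPER "/usr/bin/env"

/* Same shape as the wrapper: argv and environment fixed at compile time. */
static char *fixed_env[] = { "PATH=/bin:/usr/bin", 0 };
static char *fixed_argv[] = { HELPER, 0 };

/* Exec HELPER as the wrapper execs mount and capture its stdout.
 * Returns the number of bytes captured, or -1 on failure. */
ssize_t run_with_fixed_env(char *out, size_t outlen)
{
    int fds[2], status;
    pid_t pid;
    ssize_t n, total = 0;

    if (outlen == 0 || pipe(fds) == -1)
        return -1;
    if ((pid = fork()) == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                     /* child */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execve(HELPER, fixed_argv, fixed_env);  /* caller's environ not passed */
        _exit(127);
    }
    close(fds[1]);
    while ((size_t)total < outlen - 1 &&
           (n = read(fds[0], out + total, outlen - 1 - (size_t)total)) > 0)
        total += n;
    out[total] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return total;
}

int main(void)
{
    char buf[4096];
    setenv("DEMO_HOSTILE", "set-by-caller", 1);  /* constructed caller variable */
    if (run_with_fixed_env(buf, sizeof buf) < 0) return 1;
    return fputs(buf, stdout) == EOF;
}
```

The child sees only the PATH entry: the variable set by the caller is absent because execve(2) receives the fixed array rather than environ.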
