From: Juergen Nickelsen
To: "William Woods"
Cc: "FreeBSD Questions"
Subject: Re: mount options......
Date: 04 Jun 1999 22:53:45 +0200

"William Woods" writes on freebsd-questions:

> When I do a mount_msdos /dev/da0s4 /zip (This is my parallel zip) as
> root it is fine but I can't do it as a user, it says operation not
> permitted

Only the superuser can mount file systems. To enable this for regular
users, you can call mount(8) from a setuid-root wrapper program which
sets up the correct parameters etc. This has of course, like every
setuid program, potential security problems.

Some time ago I wrote a "generic" mount wrapper program that tries to
address these problems; it is appended below. With the appropriate
parameterization (see the Makefile) several mount/umount programs can
be generated from this source; as it is, the Makefile builds mountcd
and umountcd.

I think the program is nearly(*) free of security holes; if you
discover any, please contact me. BSD license is implied, i.e. use at
your *own* risk.

(*) A denial-of-service attack is possible: according to the manual
    page of mount(8), mounting a corrupt file system may cause a
    system crash.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	Makefile
#	suidmount.c
#
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
XCC = gcc -Wall -Wstrict-prototypes
XPROGRAMS = mountcd umountcd # mountmo umountmo mountcdfs
XSOURCE = suidmount.c
XINSTDIR = /usr/local/bin
XCDDEFS = -DMOUNT_DEV='"/dev/cd0c"' -DMOUNT_DIR='"/cdrom"' -DCDFS -DREADONLY
XCFLAGS = -s -DPROGRAM='"$@"'
X
Xall: $(PROGRAMS)
X
Xmountcd : $(SOURCE)
X	$(CC) $(CFLAGS) -o $@ $(CDDEFS) $(SOURCE)
X
Xumountcd : $(SOURCE)
X	$(CC) $(CFLAGS) -o $@ $(CDDEFS) -DDO_UMOUNT $(SOURCE)
X
Xinstall: $(PROGRAMS)
X	for i in $(PROGRAMS) ; do \
X	    cp $$i /usr/local/bin ; \
X	    chown root /usr/local/bin/$$i ; \
X	    chmod 4755 /usr/local/bin/$$i ; \
X	done
X
Xclean :
X	rm -f *~ core $(PROGRAMS)
END-of-Makefile
echo x - suidmount.c
sed 's/^X//' >suidmount.c << 'END-of-suidmount.c'
X/* suidmount.c -- call mount(8) setuid root in a secure way. */
X
X#include <stdio.h>   /* perror() */
X#include <unistd.h>  /* execve() */
X
X#define MOUNT "/sbin/mount"
X#define UMOUNT "/sbin/umount"
X
X/* Fixed environment; nothing is inherited from the calling user. */
Xchar *environment[] = { "PATH=/bin:/usr/bin", 0 } ;
X#ifndef DO_UMOUNT
Xchar *argv_mount[] = { MOUNT,
X#ifdef CDFS
X                       "-t", "cd9660",
X#endif /* CDFS */
X#ifdef READONLY
X                       "-r",
X#endif
X                       "-o", "nosuid",
X                       MOUNT_DEV,
X
X                       MOUNT_DIR, 0 } ;
X#endif /* ! DO_UMOUNT */
Xchar *argv_umount[] = { UMOUNT, MOUNT_DIR, 0 } ;
X
X
X/* The caller's argc/argv are never used; all arguments are compiled in. */
Xint main(int argc, char **argv)
X{
X#ifdef DO_UMOUNT
X    execve(UMOUNT, argv_umount, environment) ;
X    perror(PROGRAM ": exec " UMOUNT) ;   /* reached only if execve fails */
X#else
X    execve(MOUNT, argv_mount, environment) ;
X    perror(PROGRAM ": exec " MOUNT) ;    /* reached only if execve fails */
X#endif
X    return 1 ;
X}
X
X/* EOF */
END-of-suidmount.c
exit

-- 
Juergen Nickelsen