From: stephen@glas.rtsg.mot.com (Stephen Shortland) Subject: Re: Allowing others to mount ? Date: Wed, 21 Apr 1993 09:31:50 GMT
sct@dcs.ed.ac.uk (Stephen Tweedie) writes:
>> It is a huge security hole (or shall I say canyon) to allow anyone other
>> than root to mount a drive. I could just see some wiseguy mounting his
>> own linux boot disk and zapping your drive.
>There is no problem as long as you have a suid-root mount program
>which forces all mounts by normal users to have the no-suid bits set,
>and which only allows removable media to be mounted.
Forgot this in my previous post
You should also prevent mounting of any file systems which contain
block or char special devices. The reasons why are left as an exercise
for the reader :-)
Stephen...
-- | Stephen Shortland, | Motorola Ireland Ltd, | | | | Mahon Industrial Estate, | stephen@ | | Phone +353-21-357101 | Blackrock, Cork, | glas.rtsg.mot.com | | Fax. +353-21-357635 | IRELAND. | |