From: pdh@netcom.com (P D H) Subject: Re: [Q] Why can't non-root format a floppy? Date: Sat, 24 Apr 1993 23:23:32 GMT
sct@dcs.ed.ac.uk (Stephen Tweedie) writes:
>Yup. The formatting support in the Linux kernel is pretty primitive,
>and needs a lot of support from a formatting application to avoid
>going wrong. Because of this, formatting is a superuser-only
>operation.
I assume the process accesses the kernel device driver in an unusual way
in order to get the floppy formatted. As there are likely no permissions
at the hold during this, the super-user restriction seems simplest.
>You could just make the "fdformat" command suid-root. This will mean
>that normal users can format the floppy, but will prevent them from
>the hazards of directly accessing the formatting system calls.
Good idea. It would be nice to have a feature added to fdformat that
will make it figure out whether or not it is running from a console tty
as opposed to a dialup or network. It should refuse to run unless the
tty is a console one (presuming that is where the floppy drives are).
Then execution permissions can be granted as desired, including to all.
Those at the console can then run fdformat freely. Some potential
problems are that someone with evil designs could possibly put a sleeping
process in the background and leave, that detects when someone on the
console uses a floppy, and proceeds to format it. If something could
kill all processes on a console tty that are not real-id root when getty
reactivates (hey, maybe getty could do this), then this security problem
might go away and public access linux boxes (such as in school computer
labs) can begin to be somewhat safe.
>I'm not sure whether or not fdformat correctly checks that the calling
>user has access to the disk device, though; however, it would not be
>difficult to implement this if necessary.
Exactly. I suggested an idea above. Any others (especially if they are
more secure than mine)?
BTW, if someone really needs to leave a background process running after
leaving the console, let them do it through rsh or something. That's not
that hard to do and it won't risk leaving ttys and consoles in strange
states.
-- 
| Phil Howard, pdh@netcom.com, KA9WGN            Spell protection? "1(911)A1" |
| Right wing conservative capitalists are out to separate you from your MONEY |
| Left wing liberal do gooders are out to separate you from EVERYTHING ELSE!! |
+-----------------------------------------------------------------------------+
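The two checks discussed in this thread (run only from a console tty, and only if the calling user may access the disk device) can be expressed as a small front end to a suid-root fdformat. The following is an added example, not code from the post above or from any fdformat release: the function names, the command-line handling, and the assumption that Linux virtual consoles are named /dev/tty1 through /dev/tty63 (while serial lines are /dev/ttyS* and pseudo-ttys /dev/pts/*) are this example's own. The point it shows is that access(2) evaluates the real uid and gid, not the effective root identity a suid binary runs with, so it answers "may the person who ran me touch this device" rather than "may root".

```c
/* Added example: privilege checks for a hypothetical setuid-root fdformat
 * front end.  Not from the original post.  Assumptions: Linux virtual
 * consoles are /dev/tty1..tty63; serial lines /dev/ttyS*; pty slaves
 * /dev/pts/*.  The function names are made up for this example. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if `tty` names a virtual console (/dev/ttyN, 1 <= N <= 63),
 * 0 otherwise.  "/dev/tty" (controlling-tty alias), "/dev/ttyS0"
 * (serial/dialup), "/dev/ttyp0" and "/dev/pts/3" (network or xterm
 * sessions) are all rejected, as is a NULL from ttyname(3). */
int is_console_tty(const char *tty)
{
    static const char prefix[] = "/dev/tty";
    const char *digits;
    char *end;
    long n;

    if (tty == NULL || strncmp(tty, prefix, sizeof prefix - 1) != 0)
        return 0;
    digits = tty + (sizeof prefix - 1);
    if (!isdigit((unsigned char)*digits))
        return 0;                       /* "/dev/tty", "/dev/ttyS0", ... */
    n = strtol(digits, &end, 10);
    if (*end != '\0')
        return 0;                       /* trailing junk, e.g. "/dev/tty1x" */
    return n >= 1 && n <= 63;
}

/* Return 1 if the *real* user may read and write `dev`.  access(2) uses
 * the real uid/gid of the process, so inside a suid-root binary this
 * asks about the invoking user, not about root. */
int real_user_can_rw(const char *dev)
{
    return access(dev, R_OK | W_OK) == 0;
}

/* Policy from the thread: caller must be sitting at a console and must
 * already have rw permission on the floppy device.  `tty` is normally
 * ttyname(STDIN_FILENO); it is a parameter so the policy is testable. */
int caller_may_format(const char *tty, const char *dev)
{
    return is_console_tty(tty) && real_user_can_rw(dev);
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "/dev/fd0";   /* assumed default */
    const char *tty = ttyname(STDIN_FILENO);

    if (!caller_may_format(tty, dev)) {
        fprintf(stderr, "fdformat: refusing %s from %s: "
                        "need a console tty and rw access to the device\n",
                dev, tty ? tty : "(no tty)");
        return 1;
    }
    /* The actual formatting (opening the device and issuing the kernel's
     * format ioctls) is out of scope for this example. */
    printf("ok: %s may be formatted from %s\n", dev, tty);
    return 0;
}
```

Two caveats a practitioner would add. First, access(2) followed by a privileged open(2) is a check-then-use pair; the more robust pattern in a suid program is to set the effective uid back to the real uid (seteuid(getuid())) for the open(2) and only regain root for the format ioctls themselves, so the kernel's own permission check does the work. Second, this front end does nothing about the background-process attack the post raises: a process left sleeping by an earlier console user still has a console tty as its stdin, so a tty check alone cannot distinguish it from the person now at the keyboard.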