Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!gatech!udel!law
From: law@udel.EDU (Jeff Law)
Newsgroups: comp.unix.wizards
Subject: Re: Mounting floppies
Message-ID: <5682@louie.udel.EDU>
Date: 28 Nov 88 01:58:04 GMT
References: <129@minya.UUCP> <8800002@gistdev>
Reply-To: law@udel.EDU (Jeff Law)
Organization: University of Delaware
Lines: 21
In article <8800002@gistdev> flint@gistdev.UUCP writes:
>
>I think it would be nice to have an option on mount that would basically say
>"If the suid or guid bits are set on any files not owned by me, then clear the
>bits and then mount the floppy."
suid programs are not the only problem with allowing users to mount floppies,
what is going to stop me from putting my floppy in the drive and saying
mount /dev/floppy /etc
now i have mounted a floppy as /etc... what happens if i have a passwd file
on my floppy with a no password root account?? This is the exact procedure
i used to circumvent hewlett packard's PAM on the integral pc. it allows
anyone to mount floppies...
Jeff
--
Jeffrey A Law
University of Delaware PHONE: (302)-451-8005, (302)-451-6339
ARPA: law@udel.EDU, UUCP: ...!!udel.edu!law