Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!cornell!batcomputer!itsgw!steinmetz!uunet!auspex!guy From: guy@auspex.UUCP (Guy Harris) Newsgroups: comp.unix.wizards Subject: Re: Mounting floppies Message-ID: <595@auspex.UUCP> Date: 7 Dec 88 02:12:03 GMT References: <17711@adm.BRL.MIL> Reply-To: guy@auspex.UUCP (Guy Harris) Organization: Auspex Systems, Santa Clara Lines: 22 >What is needed is for the kernel to ignore the suid and sgid mode flags >for a disk mounted by other than root. Physically changing all of the >flags is just a time waste. The kernel already keeps information in >memory about each mounted file system. It needs to keep an additional >mode flag for the file system which is automatically ANDed with all >file modes from files on that file system, to compute an effective >mode. SunOS already includes such a flag; see the M_NOSUID flag in MOUNT(2). (I suspect vendors who have picked up NFS from Sun may have picked it up as well.) The main purpose of this is for mounting NFS file systems from machines that you don't trust, but the same mechanism could be used for the similar situation with floppies. You'd also want to, as Peter Da Silva suggested, have either that flag or another flag disallow access to special files as well. Given that flag or flags, you could make "mount" semi-privileged, so that if you're not super-user you have to have the appropriate permissions on the device (or whatever you're mounting) and mount point, and you either have to request M_NOSUID and company - or the system could just force them to be on if you're not "root".