Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!mit-eddie!rutgers!orstcs!mist!hakanson From: hakanson@mist.cs.orst.edu (Marion Hakanson) Newsgroups: comp.unix.wizards Subject: Re: Mounting floppies Message-ID: <7819@orstcs.CS.ORST.EDU> Date: 9 Dec 88 19:36:05 GMT References: <129@minya.UUCP> <8800002@gistdev> <7606@orstcs.CS.ORST.EDU> <841@levels.sait.edu.au> Sender: usenet@orstcs.CS.ORST.EDU Reply-To: hakanson@mist.CS.ORST.EDU (Marion Hakanson) Organization: Oregon State University - CS - Corvallis, Oregon Lines: 19 In article <841@levels.sait.edu.au> ccdn@levels.sait.edu.au (DAVID NEWALL) writes: . . . >> ** The main thing mountpub does is to check the contents of >> ** the filesystem being mounted to be sure that there are no >> ** setuid/setgid files that would give permissions that the > >Gee, I don't know. I wonder what would happen if the user "mountpub"ed >a floppy, and then replaced it with another disk that had setuid root >shells on it -- ie, without unmounting the old disk? Could be nasty... That's a hardware problem (1/2 :-). Doing such a thing would probably be as likely to crash the system as to allow unauthorized access, but that's a security problem as well. Mountpub also neglects to check for special (device) files, which I hadn't considered three years ago when I wrote the program. -- Marion Hakanson Domain: hakanson@cs.orst.edu UUCP : {hp-pcd,tektronix}!orstcs!hakanson