Path: utzoo!attcan!uunet!mcvax!unido!mikros!stefan From: stefan@mikros.systemware.de (Stefan Stapelberg) Newsgroups: comp.unix.wizards Subject: Re: Mounting floppies Message-ID: <348@mikros.systemware.de> Date: 29 Nov 88 10:10:52 GMT References: <129@minya.UUCP> <8800002@gistdev> <5682@louie.udel.EDU> Reply-To: stefan@mikros.UUCP (Stefan Stapelberg) Organization: MIKROS Systemware, Lohr/W-Germany Lines: 18 In article <5682@louie.udel.EDU> law@udel.EDU (Jeff Law) writes: >suid programs are not the only problem with allowing users to mount floppies, >what is going to stop me from putting my floppy in the drive and saying >mount /dev/floppy /etc I think, it is just that easy to write a small C program which checks wether the user doing the mount is the owner of the mounting point. BTW: You not only have to look for suid-files, but also for special device files! In Germany, there is a law for government agencies when accessing sensitive data (e.g. personal data): The sensitive data has to be physically present only when someone is working with it. So people like it to mount the floppy disk rather than read/write tar archives. -- Written (W) 1988 by Stefan StapelbergPhone: +49 9352 5948