Path: utzoo!utgpu!watmath!clyde!bellcore!rutgers!deimos!uxc!uwmcsd1!marque!uunet!munnari!mimir!hugin!augean!sirius!eco!nt!levels!ccdn
From: ccdn@levels.sait.edu.au (DAVID NEWALL)
Newsgroups: comp.unix.wizards
Subject: Re: Mounting floppies
Message-ID: <841@levels.sait.edu.au>
Date: 1 Dec 88 19:20:50 GMT
References: <129@minya.UUCP> <8800002@gistdev> <7606@orstcs.CS.ORST.EDU>
Organization: Sth Australian Inst of Technology
Lines: 42

In article <7606@orstcs.CS.ORST.EDU>, hakanson@mist.cs.orst.edu (Marion Hakanson) writes:
> In article <8800002@gistdev> flint@gistdev.UUCP writes:
>>I think it would be nice to have an option on mount that would basically say
>>"If the suid or guid bits are set on any files not owned by me, then clear the
>>bits and then mount the floppy."  Such an option could presumably be used
>>without your having to be the super-user: it might be extremely slow, but so
>>what?  Mounting a floppy is hardly a fast operation in the first place.
>
> [ explanations deleted ]
>
> /*
> ** $Header: mountpub.c,v 1.15 85/11/18 11:45:36 hakanson Exp $
> **
> ** Usage:
> **	mountpub [-fr] device directory
> **		-f	force clearing of bits (don't ask user).
> **		-r	read only filesystem (pass on to mount command).
> ** or:
> **	umountpub device
> **
> ** This program allows any user to mount/unmount devices to
> ** which the system administrator has allowed public access.
> ** It runs setuid to root, but will not give access to files,
> ** devices, or directories for which the user would not normally
> ** have permissions.
> **
> ** The main thing mountpub does is to check the contents of
> ** the filesystem being mounted to be sure that there are no
> ** setuid/setgid files that would give permissions that the
> ** caller does not already have.  Hence this makes it safer
> ** to allow the average user to mount filesystems.
> */

Gee, I don't know.  I wonder what would happen if the user "mountpub"ed a
floppy, and then replaced it with another disk that had setuid root shells
on it -- ie, without unmounting the old disk?  Could be nasty...

-- 
David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095
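
[Added example, not part of the original post and not the mountpub source.] A sketch of the scan-time check the quoted header describes: walk the tree and count files whose set-id bits would give the caller an identity it lacks. The names count_setid and put are hypothetical, and the result describes only the medium present while the scan ran, which is the gap the reply points at.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Count regular files under dir whose set-id bits would give (uid, gid) an
 * identity it lacks; -1 on error. Assumption: supplementary groups ignored. */
int count_setid(const char *dir, uid_t uid, gid_t gid)
{
    DIR *d = opendir(dir);
    int hits = 0;
    if (!d) return -1;
    for (struct dirent *e; hits >= 0 && (e = readdir(d)) != NULL; ) {
        char path[4096];
        struct stat sb;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path
            || lstat(path, &sb) != 0) {
            hits = -1;                  /* fail closed: no verdict without a stat */
        } else if (S_ISDIR(sb.st_mode)) {
            int sub = count_setid(path, uid, gid);
            hits = sub < 0 ? -1 : hits + sub;
        } else if (S_ISREG(sb.st_mode)) {
            hits += ((sb.st_mode & S_ISUID) && sb.st_uid != uid) ||
                    ((sb.st_mode & S_ISGID) && sb.st_gid != gid);
        }
    }
    closedir(d);
    return hits;
}

/* Create dir/name with the given mode bits (constructed sample data). */
int put(const char *dir, const char *name, mode_t mode)
{
    char p[4096];
    snprintf(p, sizeof p, "%s/%s", dir, name);
    int fd = open(p, O_CREAT | O_WRONLY, 0600);
    return (fd < 0 || close(fd)) ? -1 : chmod(p, mode);
}

int main(void)
{
    char dir[] = "/tmp/mountpub_demoXXXXXX";
    if (!mkdtemp(dir) || put(dir, "plain", 0644) || put(dir, "suid", 04755)) return 1;
    return printf("flagged for another uid: %d\n", count_setid(dir, getuid() + 1, getgid())) < 0;
}
```

On current systems the nosuid mount option has the kernel ignore set-id bits on that filesystem at exec time, so it does not depend on a scan made before the media could change.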