Path: utzoo!attcan!uunet!mcvax!unido!mikros!stefan
From: stefan@mikros.systemware.de (Stefan Stapelberg)
Newsgroups: comp.unix.wizards
Subject: Re: Mounting floppies
Message-ID: <348@mikros.systemware.de>
Date: 29 Nov 88 10:10:52 GMT
References: <129@minya.UUCP> <8800002@gistdev> <5682@louie.udel.EDU>
Reply-To: stefan@mikros.UUCP (Stefan Stapelberg)
Organization: MIKROS Systemware, Lohr/W-Germany
Lines: 18

In article <5682@louie.udel.EDU> law@udel.EDU (Jeff Law) writes:
>suid programs are not the only problem with allowing users to mount floppies,
>what is going to stop me from putting my floppy in the drive and saying
>mount /dev/floppy /etc

I think, it is just that easy to write a small C program which checks
wether the user doing the mount is the owner of the mounting point.

BTW: You not only have to look for suid-files, but also for special
device files!

In Germany, there is a law for government agencies when accessing
sensitive data (e.g. personal data): The sensitive data has to be
physically present only when someone is working with it.  So people
like it to mount the floppy disk rather than read/write tar archives.

-- 
Written (W) 1988 by Stefan Stapelberg  Phone: +49 9352 5948