On Mon, 10 Nov 2003 06:16:18 -0800, Norbert Kamenicky muttered:
> gabor wrote:
> >Andrew Farmer wrote:
> >
> >>On Sun, 09 Nov 2003 06:29:35 -0800, Norbert Kamenicky muttered:
> >>
> >>>- snip -
> >>>
> >>>>Well, the problem is that you can only mount an image as a user if the
> >>>>image and mountpoint are specified in the fstab. I still don't know why
> >>>>mount (or the kernel or something) can't start allowing mounts of a file
> >>>>readable by a user over a directory the user owns...
> >>>
> >>>:-) :-) :-) ... security reason !
> >>>
> >>>If you like to allow your users to mount just anything,
> >>>(doesn't matter in which dir)
> >>>it's the same, like give them root password ...
> >>>never heard about Trojan horse ? :-)
> >>>
> >>>PS.
> >>>it's typical question of people who use windblowz
> >>>(where security issues were made by dilettantes, if at all),
> >>>but know nothing about unix security ...
> >
> >hmmm.. could you give an example?
> >
> >let's imagine that i allow all the wheel users to mount loopback-files
> >(iso images).
> >
> >how could that be a security risk?
> >
> >thanks,
> >gabor
>
> at first just read again, the question and what I wrote ...
> to prevent misunderstanding.
>
> ready ? so, go on !
>
> User is running commands under its (effective) id. Correct ?
> Password is stored in /etc/shadow,
> (which has not rw permissions for users ... try cat /etc/shadow).
>
> Now, I have a question to you:
> How is it possible, users can change their password ?
>
> The right answer is:
> Due to set uid/gid mechanism.
> ( run ls -l /bin/passwd)

man mount

See information for the "user" flag. Specifically, nosuid.

-- 
Andrew Farmer
[EMAIL PROTECTED]
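
An added example, not part of the original thread: a small Python audit of fstab entries built on the mount(8) rule that `user`/`users` imply `noexec,nosuid,nodev` and `owner`/`group` imply `nosuid,nodev` unless a later option in the same list overrides them. The sample fstab lines and function names are constructed for illustration, and treating `defaults` as a no-op is an assumption.

```python
# Options that let a non-root user mount an entry, with the restrictions
# mount(8) says they imply unless a later option overrides them.
IMPLIED = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}

def effective_flags(options):
    """Walk the option list left to right; later options win."""
    state = {"suid": True, "dev": True, "exec": True}  # what a plain root mount gets
    user_mountable = False
    for opt in options.split(","):
        if opt in IMPLIED:
            user_mountable = True
            for flag in IMPLIED[opt]:
                state[flag[2:]] = False          # "nosuid" -> suid off, etc.
        elif opt == "nouser":
            user_mountable = False
        elif opt in state:                       # explicit suid / dev / exec
            state[opt] = True
        elif opt.startswith("no") and opt[2:] in state:
            state[opt[2:]] = False
        # everything else (loop, ro, noauto, defaults, ...) is ignored here
    return user_mountable, state

def audit_fstab(text):
    """Return (mountpoint, [flags]) for user-mountable entries with suid or dev on."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        user_mountable, state = effective_flags(fields[3])
        risky = [f for f in ("suid", "dev") if state[f]]
        if user_mountable and risky:
            findings.append((fields[1], risky))
    return findings

# Constructed sample entries, not taken from the thread.
SAMPLE_FSTAB = """\
/home/alice/cd.iso  /mnt/iso  iso9660  loop,ro,user,noauto    0 0
/home/alice/img.fs  /mnt/img  ext2     loop,user,suid,noauto  0 0
/dev/sdb1           /mnt/usb  vfat     users,dev,noauto       0 0
/dev/sda2           /srv      ext3     defaults               0 0
/dev/cdrom          /mnt/cd   iso9660  suid,user,ro,noauto    0 0
"""

if __name__ == "__main__":
    for mountpoint, risky in audit_fstab(SAMPLE_FSTAB):
        print(f"{mountpoint}: user-mountable with {','.join(risky)} enabled")
```

Only `/mnt/img` and `/mnt/usb` are reported: in `/mnt/cd` the `suid` comes before `user`, so the implied `nosuid` still applies.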