Andrew Farmer wrote:

On Mon, 10 Nov 2003 06:16:18 -0800, Norbert Kamenicky muttered:


gabor wrote:


Andrew Farmer wrote:



On Sun, 09 Nov 2003 06:29:35 -0800, Norbert Kamenicky muttered:



- snip -




Well, the problem is that you can only mount an image as a user if the
image and mountpoint are specified in the fstab. I still don't know why
mount (or the kernel or something) can't start allowing mounts of a file
readable by a user over a directory the user owns...


:-) :-) :-) ... security reason !

If you like to allow your users to mount just anything,
(doesn't matter in which dir)
it's the same, like give them root password ...
never heard about Trojan horse ?   :-)

PS.
it's typical question of people who use windblowz
(where security issues were made by dilettantes, if at all),
but know nothing about unix security ...




hmmm.. could you give an example?

let's imagine that i allow all the wheel users to mount loopback-files (iso images).

how could that be a security risk?

thanks,
gabor


at first just read again the question and what I wrote ...
to prevent misunderstanding.

ready ? so, go on !

User is running commands under its (effective) id. Correct ?
Password is stored in /etc/shadow,
(which has no rw permissions for users ... try cat /etc/shadow).

Now, I have a question for you:
How is it possible that users can change their password ?

The right answer is:
Due to set uid/gid mechanism.
( run ls -l /bin/passwd)



man mount


See information for the "user" flag. Specifically, nosuid.


sorry, it's wasted time for me to go on in this topic,
because you can't read ... (or reading every fifth sentence)



--
[EMAIL PROTECTED] mailing list
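
The point the thread ends on, that mount(8) makes the "user" flag imply nosuid (and nodev, noexec) unless a later option overrides it, can be checked mechanically. The following is an added example, not part of any message in the thread: it walks fstab option lists left to right and reports user-mountable entries where suid or dev has been switched back on. The sample fstab is constructed, and the option model is a simplification that ignores "defaults" and "nouser".

```python
# Restrictions that mount(8) documents as implied by each user-mount option.
IMPLIED = {
    "user": {"nosuid", "nodev", "noexec"},
    "users": {"nosuid", "nodev", "noexec"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}
RESTRICT = {"nosuid": "suid", "nodev": "dev", "noexec": "exec"}
PERMIT = {v: k for k, v in RESTRICT.items()}

def effective_restrictions(options):
    """Apply options left to right; a later option overrides an earlier one."""
    user_mountable = False
    active = set()
    for opt in options.split(","):
        if opt in IMPLIED:
            user_mountable = True
            active |= IMPLIED[opt]
        elif opt in RESTRICT:
            active.add(opt)
        elif opt in PERMIT:
            active.discard(PERMIT[opt])
    return user_mountable, active

def audit_fstab(text):
    """Return (mountpoint, missing restrictions) for risky user-mountable entries."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        user_mountable, active = effective_restrictions(fields[3])
        missing = sorted({"nosuid", "nodev"} - active)
        if user_mountable and missing:
            findings.append((fields[1], missing))
    return findings

# Constructed sample fstab (hypothetical devices and paths, not from the thread).
SAMPLE = """\
/dev/cdrom        /mnt/cdrom  iso9660  noauto,user,ro        0 0
/home/img/a.iso   /mnt/iso    iso9660  loop,noauto,user,suid 0 0
/dev/sdb1         /mnt/usb    vfat     noauto,suid,dev,users 0 0
/dev/sdc1         /mnt/stick  ext2     noauto,owner,dev      0 0
"""

if __name__ == "__main__":
    for mountpoint, missing in audit_fstab(SAMPLE):
        print(f"{mountpoint}: user-mountable without {', '.join(missing)}")
```

The third sample entry is not reported because "users" comes after "suid,dev" and re-imposes the restrictions; only an override placed after the user-mount option removes them.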


