Richard Stallman wrote:
> 
>     > I stand by what I have said.  On most machines there is no reason to
>     > limit access to floppies to root.
>     >
> 
>     That's not what you said.  You said to make it world writable.
> 
> I restated my views in slightly different words the second time,
> figuring that saying them a different way would help make them clear.

It doesn't make them clear; it makes them different.

I don't agree with hpa that ``most distributions change ownership of the
floppy device depending on who's logged in at the console'' - Debian
certainly doesn't do that, nor have any of my RedHat (up to 5.2) dists.
I don't recall Slackware doing it, and I never checked my Corel,
Caldera, or SuSE installs.  Most of them use some sort of xdm with no
console login by default anyway, so I don't know if it even applies, or
if so, to which console it applies - my consoles typically have at least
two different users on them at the same time.

> "Limit access to root" refers to the practice of setting up /dev/fd0
> with mode 600 and owner root, which I have found (and changed) on
> dozens of machines I have used.  That limitation screwed me many

The solution for many has been to make the /dev/fd0 entry options
'user,exec' (or similar).  According to the mount manpage, "uid=value
and gid=value: Set the owner and group of all files. (Default: the uid
and gid of the current process.)" so all you have to do is issue "mount
/dev/fd0".  The floppy device is 660 so under Debian I have to be in the
'floppy' group, but when mounted, I own all the files, as mode 755.
Changing my umask to 077 makes them all 700.  This is how it should be,
though you may disagree with the need for the 'floppy' group - personally, I
think only local users need to be in this group.

Perhaps your problems stem from running inferior dists.  ;-)

My problems stem from the fact that I distribute mountpoints via NIS and
autofs.  The first problem is that Debian does not have sane settings in
their default setup - anyone who has autofs installed and a floppy on
/dev/fd0 can have their system compromised by anyone with physical
access to the floppy drive and an account on the machine.  The options
in /etc/auto.misc need to be the same as they are in /etc/fstab.

The next problem is that autofs doesn't provide accurate UID mapping. 
Even if you specify the options that are in /etc/fstab in
/etc/auto.misc, the process calling mount is autofs, which is owned by
root, not by the user calling the function that hooks autofs, so all
mounts are always done as and by root.

The final problem is that when you eject the diskette, the VFS gets the
message at some point, but does nothing about it, whereas it *should*
force an unmount of that filesystem and dirty all the buffers that
aren't mapped (e.g., executables and open files).

> times.  The hypothetical problem of someone else reading my floppy was
> in most cases impossible because nobody else (except the person who
> was letting me use his home machine) could possibly have logged in on
> it.

Many machines are connected to networks nowadays.  You have no idea who
else may be on there.  Linux provides loadable modules which have access
to all global symbols and as such, no Linux system can be trusted,
especially without an observer.

Christopher

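The two points Christopher raises about mount options (the 'user'-style entry for /dev/fd0 in /etc/fstab, and the requirement that /etc/auto.misc carry the same options) can be turned into a consistency check. The script below is an added example and is not code from the thread or from any distribution; the fstab table and the two auto.misc maps it reads are constructed inline for the illustration, the required-option list (nosuid,nodev) is an assumption about what a floppy entry should carry, and the function names are invented here.

```shell
#!/bin/sh
# Added example, not from the thread: compare the mount options given to a
# floppy device in an fstab-style table and in an autofs map of the auto.misc
# form, and report which protective options the entries lack.
# All file contents below are constructed for this illustration.

# Assumed set of options every floppy entry should carry.
REQUIRED_OPTS="nosuid,nodev"

# Constructed fstab table: device mountpoint fstype options dump pass.
SAMPLE_FSTAB='/dev/fd0 /floppy auto user,noauto,nosuid,nodev 0 0
/dev/hda1 / ext2 defaults 0 1'

# Constructed auto.misc maps: key [-options] location.
# The weak map is the kind of default entry the message complains about;
# the fixed map repeats the protective options from the fstab entry.
SAMPLE_MAP_WEAK='floppy -fstype=auto :/dev/fd0'
SAMPLE_MAP_FIXED='floppy -fstype=auto,nosuid,nodev :/dev/fd0'

# Option field of the fstab entry for device $2 in table $1.
fstab_opts() {
    printf '%s\n' "$1" | awk -v dev="$2" '$1 == dev { print $4; exit }'
}

# Option string of the autofs entry whose location is ":$2" in map $1
# (leading "-" stripped; empty when the entry carries no options).
automap_opts() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        $NF == (":" dev) {
            for (i = 2; i < NF; i++)
                if ($i ~ /^-/) { sub(/^-/, "", $i); print $i; exit }
            exit
        }'
}

# Print, comma-separated, the options from list $2 that are absent from
# the comma-separated option string $1.
missing_opts() {
    have=",$1,"
    want="$2"
    out=""
    while [ -n "$want" ]; do
        case "$want" in
            *,*) opt=${want%%,*}; want=${want#*,} ;;
            *)   opt=$want; want="" ;;
        esac
        case "$have" in
            *",$opt,"*) ;;
            *) out="${out:+$out,}$opt" ;;
        esac
    done
    printf '%s' "$out"
}

# Verdict for device $2: "ok" when both the fstab entry and the autofs
# entry in map $1 carry every option in REQUIRED_OPTS, otherwise a line
# naming what each one lacks.
check_floppy_map() {
    f=$(fstab_opts "$SAMPLE_FSTAB" "$2")
    a=$(automap_opts "$1" "$2")
    mf=$(missing_opts "$f" "$REQUIRED_OPTS")
    ma=$(missing_opts "$a" "$REQUIRED_OPTS")
    if [ -z "$mf" ] && [ -z "$ma" ]; then
        echo ok
    else
        echo "weak: fstab lacks [$mf], autofs map lacks [$ma]"
    fi
}

check_floppy_map "$SAMPLE_MAP_WEAK" /dev/fd0
check_floppy_map "$SAMPLE_MAP_FIXED" /dev/fd0
```

Run against the constructed data, the first call reports that the autofs map lacks nosuid and nodev while the fstab entry is fine, and the second reports ok. On a real system the same functions can be fed the contents of /etc/fstab and /etc/auto.misc; the check only inspects the option text and says nothing about the UID-mapping problem, since autofs performs the mount as root regardless of which options the map carries.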