H. Peter Anvin writes:
> "Christopher W. Curtis" wrote:
> > 
> > The only problem with it is that the user must type 'mount' and 'umount'
> > after inserting and before ejecting, which is not DOS-style.
> > 
> > Since supermount isn't integrated and autofs has the ability to do
> > mount/umount, if it could nab the UID and mount as not root, things
> > would be even easier.
> 
> Using autofs in a way that would require it to nab UID would be a
> security hole, since it would create an exploitable race condition.
> It can in fact be argued that the "user" option to mount has the
> same problem.  I don't particularly advocate using autofs with
> floppies, but if so, having a chown-to-follow-console setup and the
> "owner" option to mount would be better.

Hm. I wonder if there are some situations where a floppy user might
not have console access? Say someone else is sitting in front of the
console, but isn't using the floppy. Is this a scenario which people
care about?

If so, I have a solution: use devfs+devfsd. Configure devfsd to
autoload the floppy driver upon lookup, and to change the ownerships
of the registered device entries to the user who did the lookup, and
make the permissions rw-------.
This has no race condition. It would also work nicely for mtools,
which don't mount the device.

                                Regards,

                                        Richard....
Permanent: [EMAIL PROTECTED]
Current:   [EMAIL PROTECTED]
