Richard Gooch wrote:
>
> H. Peter Anvin writes:
> > "Christopher W. Curtis" wrote:
> > >
> > > The only problem with it is that the user must type 'mount' and 'umount'
> > > after inserting and before ejecting, which is not DOS-style.
> > >
> > > Since supermount isn't integrated and autofs has the ability to do
> > > mount/umount, if it could nab the UID and mount as not root, things
> > > would be even easier.
> >
> > Using autofs in a way that would require it to nab UID would be a
> > security hole, since it would create an exploitable race condition.
> > It can in fact be argued that the "user" option to mount has the
> > same problem. I don't particularly advocate using autofs with
> > floppies, but if so, having a chown-to-follow-console setup and the
> > "owner" option to mount would be better.
>
> Hm. I wonder if there are some situations where a floppy user might
> not have console access? Say someone else is sitting in front of the
> console, but isn't using the floppy. Is this a scenario which people
> care about?
>
> If so, I have a solution: use devfs+devfsd. Configure devfsd to
> autoload the floppy driver upon lookup, and to change the ownerships
> of the registered device entries to the user who did the lookup, and
> make the permissions rw-------.
> This has no race condition. It would also work nicely for mtools,
> which don't mount the device.
>
Yes it does: I insert the floppy, you have a script running to poke at
the floppy and BOOM! You own my floppy.
-hpa
--
<[EMAIL PROTECTED]> at work, <[EMAIL PROTECTED]> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt
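
The thread contrasts the "user" and "owner" mount options. The following is an added example, not part of any message above: a small audit that reads fstab text and reports which entries let any user mount (`user`, `users`) and which restrict mounting to the owner of the device node (`owner`). The sample fstab, the function names and the result labels are constructed for illustration.

```python
# Added example: audit fstab text for the mount options discussed in the thread.
SAMPLE_FSTAB = """\
# constructed sample, not taken from any real system
/dev/hda1   /             ext2     defaults          1 1
/dev/fd0    /mnt/floppy   auto     noauto,user       0 0
/dev/fd1    /mnt/floppy1  vfat     noauto,owner      0 0
/dev/cdrom  /mnt/cdrom    iso9660  noauto,users,ro   0 0
"""

# Options that let a non-root user mount, as documented in mount(8).
ANY_USER = {"user", "users"}   # any user may mount the entry
DEVICE_OWNER = {"owner"}       # only the owner of the device node may mount


def parse_fstab(text):
    """Yield (device, mountpoint, options) for each well-formed fstab entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry, nothing to audit
        yield fields[0], fields[1], set(fields[3].split(","))


def audit(text):
    """Map each user-mountable device to 'any-user' or 'device-owner'."""
    findings = {}
    for device, _mountpoint, opts in parse_fstab(text):
        if opts & ANY_USER:
            findings[device] = "any-user"
        elif opts & DEVICE_OWNER:
            findings[device] = "device-owner"
    return findings


if __name__ == "__main__":
    for dev, kind in audit(SAMPLE_FSTAB).items():
        print(f"{dev}: {kind}")
```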