Subject: Re: mount_ados
To: Chris G Demetriou <Chris_G_Demetriou@LAGAVULIN.PDL.CS.CMU.EDU>
From: Matthias Scheler <tron@lyssa.owl.de>
List: amiga
Date: 12/03/1994 21:25:55
Hi Chris,
you wrote in <199412030849.DAA02790@pain.lcs.mit.edu>:
> No, they can mount things only if a certain set of conditions are met,
> namely:
> (1) they have appropriate permissions on the device's /dev
> entries
The program is SETUID to root. If root can't read the device, everyone
who calls "mount_ados" can do it.
> (2) they have appropriate permissions on the to-be-mounted-on
> directory.
He can mount it to a directory in his home directory.
> did you actually try to mount your amigados partition as a 'random'
> user?
Yes.
> if it worked, what do the permissions on its device node look like?
They are correct, see below.
> don't assume that just because something is named "mount_*" and is
> set-id that anybody can use it to mount anything...
*YOU* should have tried before writing this mail:
Script started on Sat Dec 3 21:17:50 1994
tron@lyssa:~>mkdir /tmp/bla
                   ^^^^^^^^
User created directory.
tron@lyssa:~>mount_ados /tmp/bla
tron@lyssa:~>ls -l /dev/sd0e /sbin/mount_ados
brw-r----- 1 root operator 4, 4 Nov 23 23:18 /dev/sd0e
[      ^^^ => not readable for "tron".]
-r-sr-xr-x 1 root bin 106496 Oct 21 04:36 /sbin/mount_ados
[  ^ :-( I changed it back to the original. ]
tron@lyssa:~>mount_ados /dev/sd0e /tmp/bla
tron@lyssa:~>df
Filesystem 512-blocks Used Avail Capacity Mounted on
/dev/sd1a 395722 228760 147174 61% /
/dev/sd0f 137770 85314 45566 65% /home1
/dev/cd0a 1298000 1298000 0 100% /cdrom
adosfs 2 2 0 100% /fatty
procfs 16 16 0 100% /proc
kernfs 2 2 0 100% /kern
adosfs 2 2 0 100% /tmp/bla
[Seen it? It worked.]
tron@lyssa:~>umount /tmp/bla
umount: /tmp/bla: Operation not permitted
[As I said: unmounting does NOT work.]
tron@lyssa:~>su
Password:
tron@lyssa:/homes/lyssa/tron#umount /tmp/bla
tron@lyssa:/homes/lyssa/tron#^Dexit
tron@lyssa:~>rmdir /tmp/bla
tron@lyssa:~>^Dexit
Script done on Sat Dec 3 21:18:46 1994
--
Matthias Scheler
tron@lyssa.owl.de