> The program is SETUID to root. If root can't read the device, everyone
> who calls "mount_ados" can it.

_huh_?  that doesn't parse.

for an example of how this is _supposed_ to work, see mount_msdos.
last i checked, mount_msdos worked.  ("last i checked" was when i
wrote the code to make it work.)

> > did you actually try to mount your amigados partition as a 'random'
> > user?
> 
> Yes.

you've found a bug in adosfs.  a quick fix may be to chmod 555
/sbin/mount_adosfs, but that's not the correct long term solution.

> > don't assume that just because something is named "mount_*" and is
> > set-id that anybody can use it to mount anything...
> 
> *YOU* should have tried before writing this mail:

my mail was intended to find out if it was really a bug; the code is
_supposed_ to make sure the user has appropriate permissions.
I thought it did, but apparently it does not.

The correct solution to this is to clone the access checking code out
of msdosfs, to allow users to mount ados file systems, and i'm sure
that if you presented a diff to do that, Chris Hopps would apply it.


I've just filed a PR for it.



cgd