Subject: Re: mount_ados
To: None <firstname.lastname@example.org>
From: Ty Sarna <email@example.com>
Date: 12/04/1994 19:40:15
In article <9412041739.AA06833@jade.techfak.uni-bielefeld.de>,
Markus Illenseer <markus@TechFak.Uni-Bielefeld.DE> wrote:
> On Dec 4, 1:08pm, Niklas Hallqvist wrote:
> > That's a bug, I think everyone agrees. On the question of the reason
> > why users should be able to mount filesystems, I think it's good that
> > users are able to mount self-supplied floppies. Or is that a security
> > problem? I don't think so.
> Actually it is a security problem, several trojan horses
> and simple SUID-programs can be made available via floppy.
How? Amiga filesystems don't have a SUID bit, so you can't have a suid
program on one. They don't have device nodes, so you can't introduce
holes that way. As long as adosfs is changed to implement the proper
restrictions on where a filesystem can be mounted by a user, like mdosfs
does, there are no security problems I can see.
Ty Sarna "You know, we live in the age of the superhighway
firstname.lastname@example.org information network thing..." -- Dave Letterman