Subject: Re: CDROM user access: security hole
To: None <>
From: Mike Long <>
List: current-users
Date: 01/25/1996 15:05:31
>From: Carsten Hammer <>
>Date: Wed, 24 Jan 1996 19:04:02 +0000 (GMT)
>Is there any way to give a CDROM in user access without
>violating basic system security principles?
>Are usermount (suid root) scripts bad in general or are
>there ways to do them "right"?

Write a small C program:

#include <unistd.h>
#include <errno.h>
int main(argc, argv)
    int argc
    char *argv[];
    execle("/sbin/mount", "mount",
	   "-rt", "cd9660", "-o", "nosuid", "/dev/cd0a", "/cdrom",
	   (char *)0, (char *)0));
    return 1;

Compile, chown the executable to root, chmod it to 4511, and you're
all set.

>Is there a way to allow rockridge extension on CD's but
>change all permissions that are suid or change all owner-marks
>to the user that accesses the files?

Read mount(8), and mount_cd9660(8).  They describe options that you
can add, like `nosuid' (see above).
Mike Long <> 
VLSI Design Engineer         finger for PGP public key
Analog Devices, CPD Division          CCBF225E7D3F7ECB2C8F7ABB15D9BE7B
Norwood, MA 02062 USA       (eq (opinion 'ADI) (opinion 'mike)) -> nil