Subject: Re: Allow non-root users to access to CD-ROM and Floppy
To: Curt Sampson <cjs@cynic.net>
From: Johnny Billquist <bqt@Update.UU.SE>
List: netbsd-users
Date: 09/08/2004 14:43:57
On Wed, 8 Sep 2004, Curt Sampson wrote:
> On Wed, 8 Sep 2004, Johnny Billquist wrote:
>
>> On Wed, 8 Sep 2004, Curt Sampson wrote:
>>
>>> Yes. Install sudo (from pkgsrc/security) and create let those you want
>>> use that to mount/unmount.
>>
>> That is probably a "good" way of opening a security hole.
>
> No, it is very much the opposite. It is the most secure way of doing
> this. If you follow the instructions you're much less likely to open
> a security hole than you would by writing your own suid shell script,
> for example. And it's far, far more secure than allowing users to
> mount/unmount any volume!
I must have misunderstood you. I thought you said to install sudo, and
allow people to use mount/umount through sudo?
As far as I can tell, this will allow people to mount/umount any volume,
and, as opposed to setting the sysctl variable, this will allow them to
mount at any point, which in turn, will allow them to exchange the mount
binary with anything they feel like, which in turn means they can easily
crack the system.
mount is a dangerous operation, which is why normal people normally aren't
allowed to do this.
But, like I said, maybe I misunderstood something in your suggestion?
Johnny
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt@update.uu.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol