Subject: Re: Allow non-root users to access to CD-ROM and Floppy
To: NetBSD Users Mailing List <netbsd-users@NetBSD.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 09/08/2004 14:24:55
[ On Wednesday, September 8, 2004 at 20:21:58 (+0900), Curt Sampson wrote: ]
> Subject: Re: Allow non-root users to access to CD-ROM and Floppy
>
> On Wed, 8 Sep 2004, Johnny Billquist wrote:
> 
> > On Wed, 8 Sep 2004, Curt Sampson wrote:
> >
> > > Yes. Install sudo (from pkgsrc/security) and create let those you want
> > > use that to mount/unmount.
> >
> > That is probably a "good" way of opening a security hole.
> 
> No, it is very much the opposite. It is the most secure way of doing
> this.

sudo _is_ a security hole, plain and simple -- however it can sometimes
be used without major risk in some circumstances and it may actually
reduce risk in some extremely rare situations, but in general it is too
much of a risk all by itself to recommend without knowing the whole
picture.

> If you follow the instructions you're much less likely to open
> a security hole than you would by writing your own suid shell script,
> for example.

This is true of course, but I don't think anyone recommended writing a
setuid shell script -- I really hope they didn't and wouldn't anyway....

> And it's far, far more secure than allowing users to
> mount/unmount any volume!

Well, yes, I suppose -- though it depends on exactly how you would allow
a non-privileged user to access the mount()/umount() system calls.  If
certain mount flags are required, and if only certain device node
pathnames are allowed, then the risks of allowing unprivileged access to
mounting and unmounting are much lower, in general, than those of using
some tool like sudo to accomplish the same task.

Also, the implication of your original comment was, at least in my
reading, exactly that (i.e. users would be allowed, by way of sudo, to
run mount or umount to access _any_ volume).  If you meant to suggest
that a careful configuration of sudo might allow the admin to restrict
which devices and mount points a user might pass to those commands then
it would have been a really good idea to say so.  :-)

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>
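As an added illustration, not part of the thread itself, here is the contrast Greg draws above expressed as two sudoers rules: one that lets users hand mount(8) and umount(8) any device or mount point, and one that pins the command lines to specific device nodes, mount points and flags. The group name, device nodes and mount points are assumed placeholders.

```sudoers
# Weak rule: members of %cdusers may run mount/umount with ANY
# arguments, i.e. any device node, any mount point, any options.
# This is the configuration the thread warns about.
%cdusers  ALL = (root) /sbin/mount, /sbin/umount

# Restricted rule: the complete command lines are spelled out, so sudo
# accepts only these exact device nodes, mount points and option
# strings and refuses anything else.  nodev,nosuid keep device nodes
# and setuid binaries on removable media from being honoured.
# (Group name, device names and mount points are assumed placeholders.)
%cdusers  ALL = (root) NOPASSWD: \
    /sbin/mount -o nodev,nosuid,ro /dev/cd0a /cdrom, \
    /sbin/umount /cdrom, \
    /sbin/mount -o nodev,nosuid /dev/fd0a /floppy, \
    /sbin/umount /floppy
```

sudo compares the argument string literally, so even a reordering of the options (for example `-o nosuid,nodev,ro`) is refused rather than matched; keep the listed spellings identical to what users are told to type.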