Subject: Re: proposed: /usr/src/usr.bin/tcfs/*, needs gdbm, some SUID programs
To: VaX#n8 <vax@carolina.rr.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-userlevel
Date: 08/20/2004 19:14:10
On Fri, Aug 20, 2004 at 06:31:41PM -0400, VaX#n8 wrote:
> In message <20040820021634.GW27477@che.ojctech.com>, David Young writes:
> >What do the suid programs do?  Why do they need to be suid at all?
> 
> Cursory analysis:
> 
> It appears the SUID programs need root to perform:
> 
> mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);
> 
> This appears to be how TCFS pushes keys into the kernel for
> use in decrypting files.

Perhaps you should add another system call (or an ioctl?  given that
we're working on files, that might make much more sense) that normal
users can perform, instead of abusing the mount syscall this way.

Thor