*BSD News Article 97956


Return to BSD News archive

Newsgroups: comp.unix.bsd.misc,comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!howland.erols.net!blackbush.xlink.net!ins.net!ruhr.de!devnull.ruhr.de!usenet
From: Benedikt Stockebrand <benedikt@devnull.ruhr.de>
Subject: Re: User mount possible?
Content-Type: text/plain; charset=iso-8859-1
X-Newsreader: Gnus v5.3/Emacs 19.34
Sender: usenet@devnull.ruhr.de (Usenet Admin)
Content-Transfer-Encoding: 8bit
Organization: Yes we're organized
Lines: 52
Message-ID: <87rae1dkh7.fsf@devnull.ruhr.de>
References: <5nr27n$ees@vestein.arb-phys.uni-dortmund.de>
	<5nu2di$7o@xciv.demon.co.uk> <8767vgm5sw.fsf@devnull.ruhr.de>
	<5o2n4k$114@panix2.panix.com>
Date: Tue, 17 Jun 1997 20:48:20 GMT
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.misc:3588 comp.unix.bsd.freebsd.misc:43091

tls@panix.com (Thor Lancelot Simon) writes:

> In article <8767vgm5sw.fsf@devnull.ruhr.de>,
> Benedikt Stockebrand  <benedikt@devnull.ruhr.de> wrote:
> >Yes.  And once you're at that you also need things flags like
> >"ignoresuid", "ignoredevs" and another bunch of these.  If anyone is
> >really going for this you might take a look at Linux first about these
> >flags.  Simply having a user mount a file system that contains a suid
> >root file or an improperly protected /dev/kmem doesn't seem such a
> >good idea...
> 
> Uh, look at Linux *why*?

*Because* they've had their share of problems with it.  Learning from
other peoples bad experiences may save yourself some.

> The "nodev" and "nosuid" and "noexec" flags have
> been available in Berkeley Unix for years.  In fact, I believe the first time
> I saw them was as a patch to the SunOS 4.0.3 kernel source.

Ok, so I may have misread the man page.  But anyway, there's
definitely one option the (Open)BSD mount/fstab miss: Linux has a
"NOUSER" flag for fstab that will disallow users to mount file systems
with that option.  Trying to make this work safely will open up a
mighty can of worms.

OpenBSD has about 7500 lines of source related to mount and
mount_<whatever_fs_you_care_about>.  If you really want to make those
setuid-proof you've got a bit of work ahead.  And for what?  Anyone
who really wants to allow users to mount file systems (like floppy
disk) will be able to write a ten-line C wrapper to do exactly this.
Well, at least anyone who has an idea about the security issues
involved.

Sure, it can be done.  The question is: Is it worth the trouble, like
actually doing the work, debugging it, dealing with subsequent
security alerts and SAs using old fstabs that miss the "nouser" flag?

> It's always nice to hear that Linux has invented yet another thing that
> someone else thought of years before.  Really.

It's always nice to see people who like to consider themselves
reasonable go into OS bashing mode.  Really.


    Ben

-- 
Ben(edikt)? Stockebrand    Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes.  Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.