Mounting floppies

Ron Heiby heiby at mcdchg.chi.il.us
Sat Nov 19 09:25:19 AEST 1988


John Chambers (jc at minya.UUCP) writes:
> This despite the fact that the /dev/dsk file has 666 permissions and
> /fd has 777 permissions.  Only root can do a mount.
> 
> This sorta interferes with users sticking a floppy in and saying
> to mount it.
>
> Is there
> some reason (other than bureaucratic perversity) that the Sys/V
> mount command won't do its job when the /dev and the directory
> have write permissions?  

The reason you don't (in general) want a user to be able to mount an
arbitrary floppy is that once mounted, a.outs on it can be executed
and the suid and sgid bits will be honored.  In the environment you
describe, I could format and mount a floppy, copy /bin/sh to it, chown
the sh to root, and unmount the floppy.  Now, since the /dev entry is
mode 666, I can modify the inode of the copy of sh just put onto the
floppy to change its mode bits, turning on the suid bit.  Now, mounting
the floppy again, I execute "my" copy of sh from the floppy and I'm
running with euid of 0.  Not a pretty picture.  Note that AT&T's standard
System V release has incorporated the facility for user mounting of
floppies for some time.  Of course, the way it was done for the releases
of two years ago (when I left AT&T) made it even easier to become root
using that facility.  Disable the logins:  checkfsys, makefsys, mountfsys,
and umountfsys by changing the password field to "NONE" for those four
in the /etc/passwd file if you have them.  Do it now!

In your environment, where there are only one or two people using the
machine, this is probably no big deal.  Do what you want.  Your vendor
doesn't know ahead of time how you plan to use the system, though.
-- 
Ron Heiby, heiby at mcdchg.chi.il.us	Moderator: comp.newprod
"There is a fine line between stupidity and cleverness." (This is Spinal Tap)
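
Added example, not part of the original post: a shell check for the two things the message above warns about, namely the four floppy-helper logins that should carry "NONE" in the password field, and setuid/setgid files sitting on a mounted floppy. It assumes a classic passwd file with the password in the second field (no shadow file); the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; the function names and the sample data are constructed.

# Print each of the four System V floppy-helper logins whose password field
# (field 2 of a passwd-format file) is anything other than the literal "NONE".
unlocked_fsys_logins() {
    awk -F: '
        $1 ~ /^(checkfsys|makefsys|mountfsys|umountfsys)$/ && $2 != "NONE" {
            print $1
        }
    ' "$1"
}

# List regular files below a mount point that have the setuid or setgid bit
# set. -xdev keeps the search on the file system mounted at that point.
suid_files_under() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Constructed sample passwd file: two helper logins already set to NONE,
# two still open (empty password field).
sample_passwd=$(mktemp)
cat > "$sample_passwd" <<'EOF'
root:CONSTRUCTEDHASH:0:0:Super User:/:/bin/sh
checkfsys:NONE:0:0:check file system:/usr/admin:/bin/sh
makefsys::0:0:make file system:/usr/admin:/bin/sh
mountfsys::0:0:mount file system:/usr/admin:/bin/sh
umountfsys:NONE:0:0:unmount file system:/usr/admin:/bin/sh
EOF

echo "helper logins not yet set to NONE:"
unlocked_fsys_logins "$sample_passwd"
rm -f "$sample_passwd"
```

On a real system, run unlocked_fsys_logins against /etc/passwd and suid_files_under against the floppy's mount point (/fd in the quoted message).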


