interesting feature on AMIX..

Keith Gabryelski ag at amix.commodore.com
Thu Jun 27 15:21:31 AEST 1991


sysop at insider.zer.sub.org writes:
> > File systems should only be mountable by root.  Allowing a user to
> > mount a floppy would be a big security hole.
> 
> So ? Where's the difference if one get's the data via TAR or direct by
> mounting ?

The data is not the problem.  The setuidness off the file is.

tar creates a file by taking the data from the specified archive and
placing it in a file using standard unix system calles (open, write,
close).  The archive happens to have permissions which include
setuidness which are given to the create file if the user that
is extracting the file has permission.

mount places a filesystem (a set of files in a kernel known format) in
the unix hierarchy by an entirely different unix mechanism which does
not require interpretting the permission bits of individual files until
said file is accessed.

Pax, Keith

-- 
Keith Gabryelski                                 Advanced Products Group
ag at amix.commodore.com                                 ...!cbmvax!amix!ag



More information about the Comp.unix.amiga mailing list