Mounting floppies
Marion Hakanson
hakanson at mist.cs.orst.edu
Tue Nov 29 11:13:23 AEST 1988
I also had some experience with the HP Integral (which someone else
mentioned) doing summer work in QA on the thing. I remember calling
it the "Portable SU" at the time.
In article <8800002 at gistdev> flint at gistdev.UUCP writes:
>
>I think it would be nice to have an option on mount that would basically say
>"If the suid or guid bits are set on any files not owned by me, then clear the
>bits and then mount the floppy." Such an option could presumably be used
>without your having to be the super-user: it might be extremely slow, but so
>what? Mounting a floppy is hardly a fast operation in the first place.
Years ago (1985, in fact), I wrote a C program (which runs setuid-root)
to do exactly this. It was written and tested on 4.2bsd, but was almost
ported to SysV (I think all it lacks are mkdir(), rmdir(), and getgroups()
routines to emulate those in 4.2). The program has languished since
our floppy drives went away, but I did test it pretty thoroughly.
Basically, any user could mount (and unmount) the devices listed in
/etc/pubmount. The program used access(2) to check to see if the
caller had rwx access to the mount point, thus helping to disallow
mounting over system directories. For further explanation, see the
header comments below. I haven't even looked at the program for a
couple of years, so please excuse any mistakes I might've made in my
youth. I'd be willing to post the thing to comp.sources.unix, I suppose,
if demand warrants it, and with the caveat that my time to maintain the
thing is very limited.
Note that the program could undoubtedly be made more robust, and that
it was written without consideration for NFS mounts.
/*
** $Header: mountpub.c,v 1.15 85/11/18 11:45:36 hakanson Exp $
**
** Usage:
** mountpub [-fr] device directory
** -f force clearing of bits (don't ask user).
** -r read only filesystem (pass on to mount command).
** or:
** umountpub device
**
** This program allows any user to mount/unmount devices to
** which the system administrator has allowed public access.
** It runs setuid to root, but will not give access to files,
** devices, or directories for which the user would not normally
** have permissions.
**
** The main thing mountpub does is to check the contents of
** the filesystem being mounted to be sure that there are no
** setuid/setgid files that would give permissions that the
** caller does not already have. Hence this makes it safer
** to allow the average user to mount filesystems.
**
** Mountpub uses find(1) to scan the candidate filesystem after
** mounting it to a temporary directory (which is inaccessible
** to all but root), looking for setuid files not owned by
** the caller and setgid files with group ID's other than
** those allowed for the user (in /etc/passwd and /etc/group).
**
** Mountpub will not allow the filesystem to be mounted unless
** it can clear the setuid/setgid bits of the offending files
** (if any). When the contents are safe, mountpub will unmount
** from the temporary directory and call the normal mount
** command with the original arguements, in order to set up
** the mount table properly, etc. (rather than do this itself).
**
** If mountpub is called with a command starting with a "u",
** it will go through the normal access checks for the caller,
** and invoke the system umount command to unmount the filesystem.
*/
--
Marion Hakanson Domain: hakanson at cs.orst.edu
UUCP : {hp-pcd,tektronix}!orstcs!hakanson
More information about the Comp.unix.wizards
mailing list