Mounting floppies
Jeff Law
law at udel.EDU
Mon Nov 28 11:58:04 AEST 1988
In article <8800002 at gistdev> flint at gistdev.UUCP writes:
>
>I think it would be nice to have an option on mount that would basically say
>"If the suid or guid bits are set on any files not owned by me, then clear the
>bits and then mount the floppy."
suid programs are not the only problem with allowing users to mount floppies,
what is going to stop me from putting my floppy in the drive and saying
mount /dev/floppy /etc
now i have mounted a floppy as /etc... what happens if i have a passwd file
on my floppy with a no password root account?? This is the exact procedure
i used to circumvent hewlett packard's PAM on the integral pc. it allows
anyone to mount floppies...
Jeff
--
Jeffrey A Law
University of Delaware PHONE: (302)-451-8005, (302)-451-6339
ARPA: law at udel.EDU, UUCP: ...!<your_favorite_arpa_gateway>!udel.edu!law
More information about the Comp.unix.wizards
mailing list