I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this by customizing the commands). I don't want to open up the floppy and ZIP drives to all users simultaneously, since this would allow anyone to write someone else's removable media. Is there a standard, SECURE way of allowing an unprivileged user at the console to get at removable media that s/he has inserted in the machine? --Brett Glass
On Sun, Jun 08, 2003 at 01:28:50AM -0600, Brett Glass wrote:> since this would allow anyone to write someone else's removable media. Is > there a standard, SECURE way of allowing an unprivileged user at the console > to get at removable media that s/he has inserted in the machine? >Create group floppy, chown 0:floopy /dev/floppy*, chmod g+rw /dev/fd0* and add user to group floppy. And vfs.usermount=1 zk
if devfs supports (or soon will support) filesystem ACLs, that might be the way to go. obviously this won't get around the "trusted media" problem... -Anthony. On Sun, Jun 08, 2003 at 01:28:50AM -0600, Brett Glass wrote:> I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system > on which she neither has nor wants root privileges. She wants to be able to > mount and unmount floppies and ZIP cartridges from within KDE, using the > standard KwikDisk utility (which, by the way, generates mount and unmount > command that don't conform to FreeBSD syntax; however, it appears possible > to fix this by customizing the commands). > > I don't want to open up the floppy and ZIP drives to all users simultaneously, > since this would allow anyone to write someone else's removable media. Is > there a standard, SECURE way of allowing an unprivileged user at the console > to get at removable media that s/he has inserted in the machine? > > --Brett Glass > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030609/c2d49df6/attachment.bin
On Tue, Jun 10, 2003, Michael Sierchio wrote:> David Schultz wrote: > > >FAT is somewhat less robust than UFS. ... > > That is possibly the most subtle funny thing I have read > all day. "An orange crate is somewhat less robust than > a Humvee" is how I read that.:-) In this case, I was referring specifically to bugs in our present implementation, not to the filesystem itself. The overall design certainly deserves stronger words.
On Sun, Jun 08, 2003 at 01:28:50AM -0600, Brett Glass wrote:> I don't want to open up the floppy and ZIP drives to all users simultaneously, > since this would allow anyone to write someone else's removable media. Is > there a standard, SECURE way of allowing an unprivileged user at the console > to get at removable media that s/he has inserted in the machine?man 5 fbtab BMS