From owner-freebsd-questions Sun Apr 25 7:38:32 1999
Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105840@site2s1>
From: Christopher Michaels
To: "'cjclark@home.com'", jorge@salk.edu
Cc: dwhite@resnet.uoregon.edu, freebsd-questions@FreeBSD.ORG
Subject: RE: Users mounting CD's or Audio CD's
Date: Sun, 25 Apr 1999 10:39:47 -0400

Isn't it possible to write a shell script that would mount/umount the CD
noexec and use sudo to execute that script? Wouldn't this reduce the chance
of the mounting being taken advantage of?

-Chris

> -----Original Message-----
> From: Crist J. Clark [SMTP:cjc@cc942873-a.ewndsr1.nj.home.com]
> Sent: Wednesday, April 21, 1999 11:43 PM
> To: jorge@salk.edu
> Cc: dwhite@resnet.uoregon.edu; freebsd-questions@FreeBSD.ORG
> Subject: Re: Users mounting CD's or Audio CD's
>
> Jorge Aldana wrote,
> > Yes, but which permissions need to be set on what? I'd like to do this and
> > avoid any security holes if possible.
>
> To play an audio disc, all you need is read access to the
> device. Simply doing,
>
>    # chmod 644 /dev/*wcd0*
>
> Will make 'cdcontrol' or 'xcdplayer' work[0]. There are really no
> security holes here except that anyone on the system can now read the
> device (which is what you want).
>
> > I've seen code that uses setgid? or setuid? to do this but I'm not sure I
> > want to go down that road if there is an official way of doing this with
> > FreeBSD. Also, others have mentioned super? but I still get permissions
> > errors?
>
> In order to actually mount(1) a CD as a filesystem, you do need root
> permissions. Setting suid or sgid bits on 'mount' is _not_ recommended
> since mount was not meant to operate in this way. Using 'sudo' does
> introduce potential security problems in itself, but the biggest hole
> of all is the fact people can mount disks! Someone could write a
> binary that does _ANYTHING_ they want on a system they control, give
> it a suid bit as root, then burn it on a CD. When they mount that CD,
> they now have successfully gained root access to your system via the
> suid binary on the CD[1].
>
> That's why mount is root only in the first place.
>
> [0] Strictly speaking, you may be able to get away with only allowing
>     reads of /dev/wcd0c, but I have not done the checking. If you give
>     read permission to wcd0c, I don't see how 'a' or the uncooked
>     devices would hurt security more.
>
> [1] Yes, you can force a mount command to ignore suid, but that is
>     beyond the scope of this mail. It'd be tricky to plug all of the
>     holes there still.
> --
> Crist J. Clark                           cjclark@home.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
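
Added example, not part of the original messages: a sketch of the wrapper the top reply asks about, with the device, mount point and options hard-coded so that a sudo caller can choose only `mount` or `umount`. The name `cdmount`, the `/cdrom` mount point, and the sudoers group and path in the comment are assumptions; `/dev/wcd0c` is the device named in the thread.

```shell
#!/bin/sh
# cdmount (hypothetical name): the one command a sudoers rule would allow, e.g.
#   %cdusers ALL = NOPASSWD: /usr/local/sbin/cdmount   (group and path assumed)
# The caller picks only the action; device, mount point and options are fixed.

CD_DEV=/dev/wcd0c            # device node mentioned in the thread
CD_DIR=/cdrom                # assumed mount point
CD_OPTS=ro,nosuid,noexec     # read-only, ignore set-id bits, refuse to exec

# Print the exact command line for an action; fail on anything unexpected.
cd_command() {
    [ "$#" -eq 1 ] || return 2           # no extra arguments, ever
    case "$1" in
        mount)  printf '%s\n' "/sbin/mount -t cd9660 -o $CD_OPTS $CD_DEV $CD_DIR" ;;
        umount) printf '%s\n' "/sbin/umount $CD_DIR" ;;
        *)      return 2 ;;
    esac
}

cd_main() {
    PATH=/sbin:/bin:/usr/sbin:/usr/bin   # do not trust the caller's PATH
    export PATH
    cmd=$(cd_command "$@") || {
        echo "usage: cdmount mount|umount" >&2
        return 64
    }
    $cmd                                 # fixed string, so word splitting is safe
}

# Run only when installed under the assumed name, so the file can be sourced.
if [ "${0##*/}" = cdmount ]; then
    cd_main "$@"
    exit $?
fi
```

Because the script accepts no device, path or option from the caller, the sudoers rule cannot be used to mount other media or to drop `nosuid`.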