Date: Thu, 02 Sep 1999 11:38:41 -0500 From: "Andrew J. Korty" <ajk@purdue.edu> To: Boris Popov <bp@butya.kz> Cc: adrian@freebsd.org, Doug Rabson <dfr@nlsystems.com>, freebsd-hackers@freebsd.org Subject: Re: [mount.c]: Option "user"-patch Message-ID: <199909021638.LAA72898@galileo.physics.purdue.edu> In-Reply-To: Message from Boris Popov <bp@butya.kz> of "Thu, 02 Sep 1999 22:03:06 %2B0700." <Pine.BSF.4.10.9909022145480.95414-100000@lion.butya.kz>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, 1 Sep 1999 adrian@freebsd.org wrote: > > > On Tue, Aug 31, 1999, Doug Rabson wrote: > > > On Mon, 30 Aug 1999, Andrew J. Korty wrote: > > > > > > > I provided a solution via send-pr (bin/11031) over four months ago, > > > > which is, in my opinion, superior in many ways to this sysctl > > > > approach. The patch contains an amendment to the mount(1) manual > > > > page. > > > > > > I have not reviewed this pr myself but it seems like a well thought out > > > change to the system. Would the people who are involved with the current > > > (more limited) proposed change like to review this and possibly use it > > > instead. I don't want to lose anyones work here if it could be useful. > > > > You realise that this kind of stuff can be done in kernelspace, > > without needing yet another setuid binary/binaries.. > > Well, sysctl with list of pathes for user mounts looks good. > Configuration is simple and can be easliy changed at runtime. It is > always better to avoid setuid'ed binaries, this is more worse that > mount(8) can execute other mount_* binaries. My code provides needed features that all implementations I've seen of the sysctl approach do not. Our users need to mount removable volumes just by clicking on a KDE icon, without having to know what type of filesystem is present on the media. Non-console users should not be permitted to mount removable volumes. Both of these features are provided by my patch, which I have had in production since I submitted it. The possibility of executing undesired mount_* binaries is precluded by the ability to list in the configuration file what filesystem types should be tried for each device. Andrew J. Korty, Director http://www.physics.purdue.edu/~ajk/ Physics Computer Network 85 73 1F 04 63 D9 9D 65 Purdue University 65 2E 7A A8 81 8C 45 75 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909021638.LAA72898>