Date:      Fri, 3 Sep 1999 00:49:11 +0800
From:      adrian@freebsd.org
To:        freebsd-hackers@freebsd.org
Subject:   Re: [mount.c]: Option "user"-patch
Message-ID:  <19990903004910.D1215@ewok.creative.net.au>
In-Reply-To: <199909021638.LAA72898@galileo.physics.purdue.edu>; from Andrew J. Korty on Thu, Sep 02, 1999 at 11:38:41AM -0500
References:  <bp@butya.kz> <199909021638.LAA72898@galileo.physics.purdue.edu>

On Thu, Sep 02, 1999, Andrew J. Korty wrote:

> > > You realise that this kind of stuff can be done in kernelspace,
> > > without needing yet another setuid binary/binaries..
> > 
> > 	Well, sysctl with list of paths for user mounts looks good.
> > Configuration is simple and can be easily changed at runtime. It is
> > always better to avoid setuid'ed binaries, this is even worse in that
> > mount(8) can execute other mount_* binaries.
> 
> My code provides needed features that all implementations I've seen
> of the sysctl approach do not.  Our users need to mount removable
> volumes just by clicking on a KDE icon, without having to know what
> type of filesystem is present on the media.  Non-console users
> should not be permitted to mount removable volumes.  Both of these
> features are provided by my patch, which I have had in production
> since I submitted it.

There are saner ways than using a suid binary.
Countering your argument..

sysctl -w vfs.usermount="/floppy:/cdrom"

And they can mount/umount at whim if they own the mountpoint/have done the
mount (and the permission checking can be extended to suit..)

Then all you need to do is think of a sane way to chown console devices
(floppy, cdrom, etc..) to the user when they login? Perhaps an extension
to login/xdm/whatever kde uses ?

All I'm saying is there has to be a better way to solve a problem
using an iron pole, regardless of whether it's first stuck inside
a nerf dart.



Adrian
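
Added example, not part of the original message and not FreeBSD kernel code: a userspace C model of the mount-side check discussed above, where a non-root caller may mount only on a path listed in a colon-separated value such as "/floppy:/cdrom" and only if they own the mountpoint. The function names and the idea of passing the owner uid in (as obtained from stat(2)) are assumptions made for illustration; the unmount side ("have done the mount") is not modelled.

```c
#include <stdbool.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: is `path` exactly one entry of the
 * colon-separated allowlist (e.g. "/floppy:/cdrom")? */
static bool path_in_allowlist(const char *allowlist, const char *path)
{
    size_t plen = strlen(path);
    const char *p = allowlist;

    if (plen == 0 || path[0] != '/')
        return false;                 /* only absolute paths can match */
    while (*p != '\0') {
        size_t n = strcspn(p, ":");   /* length of the current entry */
        /* Whole-entry comparison: "/cdrom" must not match "/cdrom2",
         * and "/cd" must not match "/cdrom". */
        if (n == plen && memcmp(p, path, n) == 0)
            return true;
        p += n;
        if (*p == ':')
            p++;                      /* skip separator, tolerate "::" */
    }
    return false;
}

/* Hypothetical policy check for a mount request.
 * mnt_owner: owner uid of the mountpoint directory.
 * caller:    uid of the user asking for the mount. */
bool usermount_allowed(const char *allowlist, const char *mountpoint,
                       uid_t mnt_owner, uid_t caller)
{
    if (caller == 0)
        return true;                  /* root is not restricted */
    if (!path_in_allowlist(allowlist, mountpoint))
        return false;                 /* path not opted in by the admin */
    return mnt_owner == caller;       /* must own the mountpoint */
}
```

A real check would operate on the path after the kernel has resolved it, so that symlinks and ".." components cannot make an unlisted directory compare equal to a listed one.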


