Skip site navigation (1)Skip section navigation (2)
Date:      04 Jun 1999 22:53:45 +0200
From:      Juergen Nickelsen <jnickelsen@acm.org>
To:        "William Woods" <wwoods@cybcon.com>
Cc:        "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: mount options......
Message-ID:  <x7so87n0va.fsf@goting.jn.berlin.snafu.de>
In-Reply-To: "William Woods"'s message of "Wed, 2 Jun 1999 17:33:06 -0700"
References:  <000401bead58$a615b3c0$124b93cd@william>

next in thread | previous in thread | raw e-mail | index | archive | help
"William Woods" <wwoods@cybcon.com> writes on freebsd-questions:

> When I do a mount_msdos /dev/da0s4 /zip (This is my parallel zip) as
> root it is fine but I cant do it as a user, it says operation not
> permited

Only the superuser can mount file systems. To enable this for regular
users, you can call mount(8) from a setuid-root wrapper program which
sets up the correct parameters etc. This has of course, like every
setuid program, potential security problems. Some time ago I wrote a
"generic" mount wrapper program that tries to address these problems;
it is appended below.

With the appropriate parameterization (see the Makefile) several
mount/umount programs can be generated from this source; as it is, the
Makefile builds mountcd and umountcd.

I think the program is nearly(*) free of security holes; if you
discover any, please contact me. BSD license is implied, i. e. use at
your *own* risk.

(*) A denial-of-service attack is possible: according the the manual
    page of mount(8), mounting a corrupt file system may cause a
    system crash.


# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	Makefile
#	suidmount.c
#
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
XCC       = gcc -Wall -Wstrict-prototypes
XPROGRAMS =  mountcd umountcd # mountmo umountmo mountcdfs 
XSOURCE   =  suidmount.c
XINSTDIR  = /usr/local/bin
XCDDEFS   = -DMOUNT_DEV='"/dev/cd0c"' -DMOUNT_DIR='"/cdrom"' -DCDFS -DREADONLY
XCFLAGS   = -s -DPROGRAM='"$@"'
X
Xall: $(PROGRAMS)
X
Xmountcd : $(SOURCE)
X	$(CC) $(CFLAGS) -o $@ $(CDDEFS) $(SOURCE)
X
Xumountcd : $(SOURCE)
X	$(CC) $(CFLAGS) -o $@ $(CDDEFS) -DDO_UMOUNT $(SOURCE)
X
Xinstall: $(PROGRAMS)
X	for i in $(PROGRAMS) ; do \
X	    cp $$i /usr/local/bin ; \
X	    chown root /usr/local/bin/$$i ; \
X	    chmod 4755 /usr/local/bin/$$i ; \
X	done
X
Xclean : 
X	rm -f *~ core $(PROGRAMS)
END-of-Makefile
echo x - suidmount.c
sed 's/^X//' >suidmount.c << 'END-of-suidmount.c'
X/* suidmount.c -- call mount(8) setuid root in a secure way. */
X
X#include <unistd.h>
X#include <stdio.h>
X
X#define MOUNT	"/sbin/mount"
X#define UMOUNT	"/sbin/umount"
X
Xchar *environment[] = { "PATH=/bin:/usr/bin", 0 } ;
X#ifndef DO_UMOUNT
Xchar *argv_mount[]  = { MOUNT,
X#ifdef CDFS
X			"-t", "cd9660",
X#endif /* CDFS */
X#ifdef READONLY
X			"-r",
X#endif
X			"-o", "nosuid",
X			MOUNT_DEV,
X			
X			MOUNT_DIR, 0 } ;
X#endif /* ! DO_UMOUNT */
Xchar *argv_umount[] = { UMOUNT, MOUNT_DIR, 0 } ;
X
X
Xint main(int argc, char **argv)
X{
X#ifdef DO_UMOUNT
X    execve(UMOUNT, argv_umount, environment) ;
X    perror(PROGRAM ": exec " UMOUNT) ;
X#else
X    execve(MOUNT, argv_mount, environment) ;
X    perror(PROGRAM ": exec " MOUNT) ;
X#endif
X    return 1 ;
X}
X
X/* EOF */
END-of-suidmount.c
exit

-- 
Juergen Nickelsen


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?x7so87n0va.fsf>