Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!convex!swarren
From: swarren@convex.com (Steve Warren)
Newsgroups: comp.unix.amiga
Subject: Re: interesting feature on AMIX..
Keywords: MOUNT FLOPPY SECURITY
Message-ID: <1991Jun20.210142.20878@convex.com>
Date: 20 Jun 91 21:01:42 GMT
References: <1991Jun19.204906.19339@dvorak.amd.com> <1991Jun20.165331.4604@convex.com> <319@devnull.mpd.tandem.com>
Sender: usenet@convex.com (news access account)
Organization: CONVEX Computer Corporation, Richardson, Tx., USA
Lines: 43
Nntp-Posting-Host: neptune.convex.com

In article <319@devnull.mpd.tandem.com> lance@mpd.tandem.com (Lance Hartmann) writes:
>In article <1991Jun20.165331.4604@convex.com> swarren@convex.com (Steve Warren) writes:
>>In article <1991Jun19.204906.19339@dvorak.amd.com> tim@amd.com (Tim Olson) writes:
>>>File systems should only be mountable by root.  Allowing a user to
>>>mount a floppy would be a big security hole.
>>
>>[STUFF DELETED]
>>Every inode would be scanned to make sure that nothing on the floppy violated
>>the privileges of the user.  If anything bogus showed up then the system
>>would refuse to mount it....
>>[REMAINDER DELETED]
>
>Forgive my ignorance, but what do you mean by "scanning the inodes"?

Hey, I'm taking my first OS class right now!  I can't tell you the nuts &
bolts of how to do it, but I've never written a file system either!  But
what do you think fsck does?

> ... I guess
>you could read the raw floppy device, check the super block, etc.
>before mounting, ...

That is what I am talking about.

> ... but is there an EASY, KNOWN way for checking the stats of the
>raw contents?  For example, you'd certainly want to make sure that there
>weren't ANY files with setuid/setgid bits set (particularly, root owned!).

No root-owned files allowed.  If the user does not have permission to write
a file as root, then he can't mount a file-system containing root-owned files.

>I know that all the info would be there, but am wondering how easy/difficult
>it would be to do this....

It is simple.  Just don't let the user do anything through a mount that he
wouldn't otherwise be allowed to do through a direct creation of a directory
or file.

--
--Steve Warren
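The inode-scan policy argued for in this thread (refuse the mount if anything on the volume grants the user more than he could get by creating the file himself), written out as an added example; this is not code from the post or from AMIX. The `Inode` records and the sample floppy are constructed here, and the device-node check goes a little beyond the setuid/root-ownership cases named above, on the same reasoning that `mknod` is root-only.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Inode:
    """Minimal view of one on-disk inode, as an fsck-style pre-mount scan
    would report it (constructed for this example)."""
    path: str
    mode: int   # st_mode: file-type bits plus permission bits
    uid: int
    gid: int


def inode_violations(inodes, user_uid, user_gids):
    """Return the reasons a mount by user_uid must be refused.

    An empty list means every inode is something the user could have
    created directly, so mounting grants nothing new.
    """
    problems = []
    for ino in inodes:
        if ino.uid != user_uid:
            problems.append(f"{ino.path}: owned by uid {ino.uid}, not mounting user {user_uid}")
        if ino.gid not in user_gids:
            problems.append(f"{ino.path}: gid {ino.gid} is not one of the user's groups")
        if ino.mode & stat.S_ISUID:
            problems.append(f"{ino.path}: setuid bit set")
        # setgid on a directory only affects group inheritance; on a file it
        # changes the effective gid of whoever runs it, so flag only files.
        if ino.mode & stat.S_ISGID and not stat.S_ISDIR(ino.mode):
            problems.append(f"{ino.path}: setgid bit set")
        if stat.S_ISCHR(ino.mode) or stat.S_ISBLK(ino.mode):
            problems.append(f"{ino.path}: device node (mknod is root-only)")
    return problems


def may_mount(inodes, user_uid, user_gids):
    """True only when the scan found nothing the user could not do himself."""
    return not inode_violations(inodes, user_uid, user_gids)


# Constructed sample floppy: two harmless entries owned by the mounting user,
# a root-owned setuid binary, and a character device node.
SAMPLE_FLOPPY = [
    Inode("/", stat.S_IFDIR | 0o755, 1001, 100),
    Inode("/notes.txt", stat.S_IFREG | 0o644, 1001, 100),
    Inode("/sh", stat.S_IFREG | stat.S_ISUID | 0o755, 0, 0),
    Inode("/dev_mem", stat.S_IFCHR | 0o666, 1001, 100),
]

if __name__ == "__main__":
    for reason in inode_violations(SAMPLE_FLOPPY, user_uid=1001, user_gids={100}):
        print("refuse mount:", reason)
```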