Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!news.arc.nasa.gov!uhccux!cfht.hawaii.edu!jwright From: jwright@cfht.hawaii.edu (Jim Wright) Newsgroups: comp.sys.next Subject: Re: ownership of automounted volumes Message-ID: Date: 23 Jun 91 08:06:31 GMT References: <9106222222.AA16116@nextasy2.eecs.wsu.edu> Sender: news@uhccux.uhcc.Hawaii.Edu Lines: 28 dwatola@NEXTASY2.EECS.WSU.EDU (David Watola) writes: >very recently, some people have pointed out that making automounted >floppies or opticals owned by whoever is on the console (and ignoring >actual written ownerships) is a security risk. > >but consider the alternative. [ make a suid program on one NeXT using root access, take optical to another, bust in ] >neat, huh? so which security risk is worse. Not *THE* alternative. *ONE* alternative. I would prefer that the owner/group of removable media was preserved and suid/sgid was disabled. This makes a lot more sense to me. This is how the NeXT currently behaves: * Anyone can set the suid bit on any file on an automounted optical. * The suid bit will not be honored on any file on an automounted optical. * The suid bit will be preserved after the optical is unmounted. This is an easy way to get root privileges without ever needing the root password on any machine. If automounted disks honored the owner and group information, then you would need the root password on at least one machine for such an attack. -- Jim Wright jwright@cfht.hawaii.edu Canada-France-Hawaii Telescope Corp.