Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uwm.edu!linac!mp.cs.niu.edu!ux1.cso.uiuc.edu!usenet
From: windemut@lisboa.ks.uiuc.edu (Andreas Windemuth)
Newsgroups: comp.sys.next
Subject: Re: Preserving file ownerships on OD?
Keywords: file ownerships, removable media, optical disk, security
Message-ID: <1991Jun27.020017.602@ux1.cso.uiuc.edu>
Date: 27 Jun 91 02:00:17 GMT
References: <11043@idunno.Princeton.EDU>
Sender: usenet@ux1.cso.uiuc.edu (News)
Organization: University of Illinois at Urbana
Lines: 52

In article <11043@idunno.Princeton.EDU> sksircar@shade.princeton.edu (Subrata Sircar) writes:
> Wait. Are you people saying that if I log in to the Next, and insert a backup
> optical disk (made by root) that all of the files on that disk are now owned
> by me? Even if the mountable media has root-owned files?
>
> If so, that's not just stupid, that's criminal. What's to prevent anyone
> from doing ANYTHING they want to a mountable medium, for example a source disk
> mounted over a network?
>

Well, I think this is a grave misunderstanding of the issue. It has to be assumed, given the fact that you can carry the medium around, put it into a magnet or into a specially designed computer with an optical disk drive, the person in possession of the disk can do ANYTHING he or she likes to do to it anyway. The way to prevent that is to keep the disk out of unauthorized hands.

That which has to be protected is not the disk (which can be easily protected by storing it in a safe), but the system that the disk is mounted on (assuming anyone can put his/her disk in, i.e. the system is not equipped with a padlock on the drive).

If the ownerships were not correctly set to the user physically inserting the disk, anyone could fabricate data with arbitrary userid, including root. It has been correctly pointed out that this is a serious security problem in the case of suid programs, but it is in general a violation of the principle that it should not be possible to make one's own data appear to originate from somebody else (try chown on your files). Not to speak of the case where the users owning files on the disk don't even exist on the system the disk is inserted in.

Thus, the way it is done now is neither stupid nor criminal, it is exactly how it should be.

If you really want to mount a disk with other users' ownerships on it, you have to be superuser. You are then responsible for the integrity of the data on the medium. If I am not mistaken, this is indeed possible by mounting the optical drive like any other hard disk and inserting the disk itself on request.

--
Andreas Windemuth
+--------------------------------------------------------------------
|Theoretical Biophysics        windemut@lisboa.ks.uiuc.edu
|University of Illinois        Tel: (217)-244-1612
|3121 Beckman Institute        Fax: (217)-244-8371
|405 N Mathews, Urbana, IL61801        NeXTmail Ok
+--------------------------------------------------------------------
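
The following is an added example, not part of the original post or of any NeXT software: a small audit that a superuser could run over a mounted medium before trusting its recorded ownerships, flagging the three cases the post raises (setuid/setgid files, owners with no local account, and owners other than the inserting user). The function names, parameters and finding labels are assumptions made for this illustration.

```python
import os
import pwd
import stat
import tempfile

def local_uids():
    """UIDs that have an account on this host."""
    return {entry.pw_uid for entry in pwd.getpwall()}

def audit_medium(root, known_uids=None, inserting_uid=None):
    """Return sorted (relative_path, finding) pairs for a mounted tree.

    Findings: 'unknown-owner' (uid has no local account), 'foreign-owner'
    (uid differs from the user who inserted the disk), 'setid' (regular
    file carrying a setuid or setgid bit).
    """
    known = local_uids() if known_uids is None else set(known_uids)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks stored on the medium
            rel = os.path.relpath(path, root)
            if st.st_uid not in known:
                findings.append((rel, "unknown-owner"))
            elif inserting_uid is not None and st.st_uid != inserting_uid:
                findings.append((rel, "foreign-owner"))
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setid"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree standing in for a mounted disk.
    with tempfile.TemporaryDirectory() as disk:
        os.mkdir(os.path.join(disk, "bin"))
        tool = os.path.join(disk, "bin", "tool")
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(tool, 0o4755)  # setuid bit, as a file on a foreign disk might carry
        for rel, finding in audit_medium(disk, inserting_uid=os.getuid()):
            print(f"{finding:14} {rel}")
```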