Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!spool.mu.edu!uunet!cbmvax!amix!ag
From: ag@amix.commodore.com (Keith Gabryelski)
Newsgroups: comp.unix.amiga
Subject: Re: interesting feature on AMIX..
Message-ID: <2762@amix.commodore.com>
Date: 27 Jun 91 05:21:31 GMT
Article-I.D.: amix.2762
References: <9106220805.01.47@SYSOP>
Distribution: comp
Organization: Commodore-Amiga Unix Development
Lines: 25

sysop@insider.zer.sub.org writes:
> > File systems should only be mountable by root.  Allowing a user to
> > mount a floppy would be a big security hole.
> 
> So ? Where's the difference if one get's the data via TAR or direct by
> mounting ?

The data is not the problem.  The setuidness off the file is.

tar creates a file by taking the data from the specified archive and
placing it in a file using standard unix system calles (open, write,
close).  The archive happens to have permissions which include
setuidness which are given to the create file if the user that
is extracting the file has permission.

mount places a filesystem (a set of files in a kernel known format) in
the unix hierarchy by an entirely different unix mechanism which does
not require interpretting the permission bits of individual files until
said file is accessed.

Pax, Keith

-- 
Keith Gabryelski                                 Advanced Products Group
ag@amix.commodore.com                                 ...!cbmvax!amix!ag