Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!munnari.oz.au!uniwa!DIALix!metapro!bernie
From: bernie@metapro.DIALix.oz.au (Bernd Felsche)
Newsgroups: comp.unix.amiga
Subject: Re: Secure floppy filesyetms (was Re: interesting feature on AMIX..)
Message-ID: <1991Jun27.030131.25151@metapro.DIALix.oz.au>
Date: 27 Jun 91 03:01:31 GMT
References: <2761@amix.commodore.com>
Organization: MetaPro Systems, Perth, Western Australia
Lines: 56

In <2761@amix.commodore.com> ag@amix.commodore.com (Keith Gabryelski) writes:

>dillon@overload.Berkeley.CA.US (Matthew Dillon) writes:
>>    There is no way to secure a floppy.

>Sure there is: one rule must be followed, though.  If a user mounts a
>filesystem then set[ug]id or device files on that filesystem should not work.

Let's just refuse to mount a floppy with set[ug]id files and devices,
except for when "root" mounts it.

The tools are there. Why make the thing _more_ complex?

A setuid program, which runs /etc/ncheck first, inspects its output
for anomalies, and then execs /etc/mount with appropriate arguments if
it is safe. It could even log intrusion attempts for the paranoid!

    #include <stdlib.h>
    #include <unistd.h>

    #define FALSE 0
    #define TRUE  1

    int main(int argc, char *argv[])
    {
        int user, safe;
        int specials = 0;       /* set while parsing the ncheck output */

        /* some stuff as preamble */

        /* root may mount anything; everyone else gets checked */
        if ( (user = getuid()) == 0 )
            safe = TRUE;
        else
            safe = FALSE;

        if ( ! safe ) {
            /* fancy footwork to run /etc/ncheck on a pipe */
            /* pipe() */
            /* fork() */
            /* close fds not req'd */
            /* exec /etc/ncheck in child */
            /* parse output */
            if ( specials ) {   /* funny business */
                /* break pipe, killing ncheck */
                /* log attempt */
                /* report error */
                exit(1);
            }
        }

        /* do the mount */
        execl("/etc/mount", "mount", /* appropriate arguments */ (char *)0);
        return 1;               /* only reached if the exec failed */
    }

The main danger is when people insert floppies in the drive which are
only slightly different to the one mounted. The securemount program
could read in all the directories as soon as the floppy's mounted "for
performance reasons" so that the blocks are buffered, and won't be
read from the floppy if it is changed.

Will the device driver return an error if a disk change has occurred
since the block device was mounted?? It seems like the right place to
handle this sort of thing.

-- 
Bernd Felsche,                 _--_|\   #include
Metapro Systems,              / sold \  Fax:   +61 9 472 3337
328 Albany Highway,           \_.--._/  Phone: +61 9 362 9355
Victoria Park,  Western Australia   v   Email: bernie@metapro.DIALix.oz.au
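
The check proposed in this post, as an added example that is not part of the original message: a C scanner that counts set[ug]id regular files and device nodes under a directory and fails closed on anything it cannot inspect. It assumes the volume is already mounted somewhere safe to look at and walks it with opendir()/lstat() instead of running /etc/ncheck on the raw device; the names mode_is_special and scan_tree are hypothetical.

```c
/* Added example, not from the post: walks a mounted tree instead of running ncheck. */
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* 1 if this mode must not appear on a user-mounted volume (setgid dirs pass). */
int mode_is_special(mode_t m)
{
    return S_ISCHR(m) || S_ISBLK(m) || (S_ISREG(m) && (m & (S_ISUID | S_ISGID)));
}

static int walk(const char *dir, dev_t dev)
{
    char path[PATH_MAX];
    struct dirent *e;
    struct stat sb;
    int bad = 0;
    DIR *d = opendir(dir);

    if (d == NULL)
        return 1;                       /* unreadable directory: fail closed */
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path
            || lstat(path, &sb) != 0 || mode_is_special(sb.st_mode)) {
            fprintf(stderr, "securemount: refusing %s\n", path);
            bad++;                      /* special file, or one we cannot inspect */
        } else if (S_ISDIR(sb.st_mode) && sb.st_dev == dev) {
            bad += walk(path, dev);     /* lstat(): symlinks are never followed */
        }
    }
    closedir(d);
    return bad;
}

/* Offending entries under root, or -1 if root is not a directory. */
int scan_tree(const char *root)
{
    struct stat sb;
    return (lstat(root, &sb) != 0 || !S_ISDIR(sb.st_mode)) ? -1 : walk(root, sb.st_dev);
}

int main(int argc, char *argv[])
{
    int n = (argc == 2) ? scan_tree(argv[1]) : -1;
    return n != 0;                      /* nonzero exit status: refuse the mount */
}
```

Run it with the mount point as its only argument; each offending path is logged to stderr and a nonzero exit status means the volume should not be handed to the user.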