On Tue, Dec 30, 2003 at 02:57:24PM -0500, Paul Morgan wrote: > On Tue, 30 Dec 2003 12:09:37 -0600, Rob Benton wrote: > > > I guess I've never payed much attention to this until today but you have > > to be root to mount with the -o loop option. At least on my machine I > > do. Mount has the suid bit set. Is there some way I can allow non-root > > users to mount loop devices? > > Just off the top of my head, I think that it's probably a bad idea to > give a user the direct ability to mount on a loop device. How do you > control what the user mounts? It's an invitation to figure out how to > build an fs image with an suid binary on it and root your system,
mount -o nosuid,nodev --there's no difference between a loop device and any other device. There's the same problem with removable media, network shares, etc. It's just mount(8) will not accept `-o' switch from a non-root user. And don't think it's of no use: Anywhere superuser can use the loop device (encryption, fs-images, games, simulation, ...) mere users would use it, too. It's even cumbersome sometimes to do these things as root. -- Jan Minar Don't CC me, I'm subscribed.
pgp00000.pgp
Description: PGP signature
