On Thu, Sep 02, 1999, Andrew J. Korty wrote:
> > > You realise that this kind of stuff can be done in kernelspace,
> > > without needing yet another setuid binary/binaries..
> >
> > Well, sysctl with list of pathes for user mounts looks good.
> > Configuration is simple and can be easliy changed at runtime. It is
> > always better to avoid setuid'ed binaries, this is more worse that
> > mount(8) can execute other mount_* binaries.
>
> My code provides needed features that all implementations I've seen
> of the sysctl approach do not. Our users need to mount removable
> volumes just by clicking on a KDE icon, without having to know what
> type of filesystem is present on the media. Non-console users
> should not be permitted to mount removable volumes. Both of these
> features are provided by my patch, which I have had in production
> since I submitted it.
There are saner ways than using a suid binary.
Countering your arguement..
sysctl -w vfs.usermount="/floppy:/cdrom"
And they can mount/umount at whim if they own the mountpoint/have done the
mount (and the permission checking can be extended to suit..)
Then all you need to do is think of a sane way to chown console devices
(floppy, cdrom, etc..) to the user when they login? Perhaps an extension
to login/xdm/whatever kde uses ?
All I'm saying is there has to be a better way to solve a problem
using an iron pole, regardless of whether its first stuck inside
a nerf dart.
Adrian
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
