On Tue, Jul 04, 2000 at 12:07:32AM +0200, Brad Knowles wrote:
> At 5:23 PM -0400 2000/7/3, Vivek Khera wrote:
>
> > # allow CD-ROM and ZIP drive user-mounting.
> > for i in /dev/*acd0* /cdrom /dev/*da0* /zip
> > do
> > chmod 0755 $i
> > chown $USER $i
> > done
>
> So, if you happen to have any regular fixed disks that are
> /dev/*da0* (e.g., the ones that /, /usr, /var, etc... are on), you
> will allow unprivileged users to mount them, presumably unmount them,
> and otherwise muck about with them however they want?!? Moof!
>
>
> I hope that this is on a machine that is effectively single-user
> (i.e., just you), and not one that allows anyone else to ever log
> in....
>From the comment, I would say he has a SCSI Zip drive. The same line
could apply to Jaz, an ancient Bernoull, or the like.
The risk I see is does this method let users mount with setuid?
--
Crist J. Clark [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
