Removable media security in FreeBSD
Robert Watson
rwatson at freebsd.org
Sun Jun 8 08:58:26 PDT 2003
On Sun, 8 Jun 2003, zk wrote:
> On Sun, Jun 08, 2003 at 01:28:50AM -0600, Brett Glass wrote:
> > since this would allow anyone to write someone else's removable media. Is
> > there a standard, SECURE way of allowing an unprivileged user at the console
> > to get at removable media that s/he has inserted in the machine?
>
> Create group floppy, chown 0:floppy /dev/floppy*, chmod g+rw /dev/fd0*
> and add user to group floppy. And vfs.usermount=1

If the definition of the policy really means "any user who can log in at
the console", I'd change the chown/chmod bits to a pointer to fbtab, and
use vfs.usermount.

On the "SECURE" front -- well, it depends a bit on how robust our file
system support is. Bad UFS file systems can cause the FreeBSD kernel to
behave improperly, since it's assumed that file systems will be clean or
explicitly checked before mounting. I've never really experimented much
with our FAT file system support to see how robust it is; we have a
5.2-RELEASE TODO list item to merge some robustness improvements from the
Darwin implementation back into FreeBSD, which suggests our implementation
could be improved on :-). I believe our usermount support carefully sets
nodev, nosuid, etc., on any file systems mounted by root, but haven't
tested that in a bit.

Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
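
Added example, not part of the original message or of FreeBSD itself: a small audit that reads mount(8)-style output and reports file systems mounted by a non-root user that lack the nodev or nosuid flags mentioned above. It assumes the listing annotates user mounts with "mounted by <user>"; the sample lines are constructed, not captured from a real system.

```shell
#!/bin/sh
# Constructed sample in the style of FreeBSD mount(8) output (assumed format).
sample_mounts() {
cat <<'EOF'
/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/fd0 on /home/zk/floppy (msdosfs, local, nodev, nosuid, mounted by zk)
/dev/fd1 on /home/brett/a (msdosfs, local, nosuid, mounted by brett)
/dev/da0s1 on /home/eve/usb (ufs, local, mounted by eve)
EOF
}

# Reads mount(8)-style lines on stdin. For every mount owned by a non-root
# user that lacks nodev or nosuid, prints: "<user> <mountpoint> <missing>".
audit_user_mounts() {
  awk '
  {
    # The option list is the last parenthesised group on the line.
    if (!match($0, /\([^()]*\)$/)) next
    opts = substr($0, RSTART + 1, RLENGTH - 2)
    head = substr($0, 1, RSTART - 2)
    n = split(opts, o, /, */)
    user = ""; nodev = 0; nosuid = 0
    for (i = 1; i <= n; i++) {
      if (o[i] == "nodev") nodev = 1
      else if (o[i] == "nosuid") nosuid = 1
      else if (o[i] ~ /^mounted by /) user = substr(o[i], 12)
    }
    # Mounts made by root carry no owner annotation and are out of scope.
    if (user == "" || user == "root") next
    missing = ""
    if (!nodev) missing = "nodev"
    if (!nosuid) missing = (missing == "" ? "" : missing ",") "nosuid"
    if (missing == "") next
    # The mount point is the text after " on " in the leading part.
    print user, substr(head, index(head, " on ") + 4), missing
  }'
}

# Stand-alone run over the constructed sample.
sample_mounts | audit_user_mounts
```

On a live system the same function can be fed the real listing with `mount | audit_user_mounts`.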