Removable media security in FreeBSD

Brett Glass brett at lariat.org
Mon Jun 9 15:54:34 PDT 2003


Sorry not to have replied to some of the responses in this thread, but
things have been extraordinarily busy here. Alas, none of the approaches
that have been mentioned so far are quite what I need (though it might
be possible to adapt them to work). Here's why:

/etc/fbtab is fine for text logins, but (as far as I know) isn't consulted
by kdm or similar desktop managers.

Allowing the user to use sudo would effectively be giving him/her root
privileges, which we explicitly don't want to do. 

If the desktop manager can be set up to change ownerships, etc., upon login,
it would help. One response mentioned that this could be done for xdm, but I
don't know if kdm has the same capability. I also don't know how to obtain the
user name and device information from the environment -- and/or someplace else
-- if I create a script to do this. (While the device information could be in
/etc/fstab -- in entries with the noauto option set -- the script would need
to consult a table to know which devices the user should own for the duration
of the session. Clearly, there should be a standard place for this information
so that administrators can find and edit it.)

In the end, we just want the person who's logged in via an X desktop manager
at the console to be able to use the removable media and not have that media
spied upon by other users who might not be at the console (which is why I
started this thread on -security; there are plenty of insecure ways to do it,
but I need to implement a secure way). I'm thinking of having them mounted at
~/floppy and ~/zip, which we'd create in advance in each user's home
directory, or just at /floppy and /zip... comments on the pluses and minuses
of these two approaches are welcomed. In either case, the console user should
own them and the underlying raw devices for the duration of the login.

A scheme that's compatible with KDE's built-in mounting and unmounting
utilities would be a plus. (They were designed for Linux, and the current
FreeBSD port of KDE doesn't change the mount and umount command formats to
work with BSD.... Perhaps the final scheme could be integrated into the
FreeBSD port of KDE and other desktops.)

As I recall, Red Hat does something like this, but I'm not sure exactly how.

--Brett
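
An added example, not part of the message above and not FreeBSD or KDE code: one way to script the ownership handover the message asks for, as a function that a display manager's root-run login and logout hooks could call (xdm's startup and reset scripts receive the user name in $USER). The table path, its one-device-per-line format, and the names set_console_owner, CONSOLE_TABLE and DEV_PREFIX are assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical table: one device path per line, '#' starts
# a comment. CONSOLE_TABLE and DEV_PREFIX are assumed names, not a standard.
CONSOLE_TABLE="${CONSOLE_TABLE:-/usr/local/etc/console.devices}"
DEV_PREFIX="${DEV_PREFIX:-/dev/}"

# set_console_owner OWNER [TABLE]
# Give each listed device to OWNER with mode 0600, so that no other user
# can read or write the raw device while OWNER holds it.
# Returns 0 if every entry was applied, 1 if any was skipped, 2 on bad input.
set_console_owner() {
    owner="$1"; table="${2:-$CONSOLE_TABLE}"; rc=0
    [ -n "$owner" ] || { echo "no owner given" >&2; return 2; }
    [ -r "$table" ] || { echo "cannot read $table" >&2; return 2; }
    while IFS= read -r dev || [ -n "$dev" ]; do
        dev="${dev%%#*}"                                 # strip comment
        dev="$(printf '%s' "$dev" | tr -d '[:space:]')"  # strip whitespace
        [ -n "$dev" ] || continue
        case "$dev" in
            *..*) echo "skip $dev: contains .." >&2; rc=1; continue ;;
            "$DEV_PREFIX"*) ;;
            *) echo "skip $dev: outside $DEV_PREFIX" >&2; rc=1; continue ;;
        esac
        # A root-run hook must not follow a symlink planted in the table.
        if [ -L "$dev" ] || [ ! -e "$dev" ]; then
            echo "skip $dev: symlink or missing" >&2; rc=1; continue
        fi
        # Tighten the mode before handing the node over, never after.
        chmod 0600 "$dev" && chown "$owner" "$dev" || rc=1
    done < "$table"
    return $rc
}

# Login hook:  set_console_owner "$USER"
# Logout hook: set_console_owner root
```

Calling the function with root from the logout hook returns the devices, so the next session does not inherit the previous user's access.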


