Re: user can't mount loop device...
>>>>> " " == Daniel Jacobowitz <dan@debian.org> writes:
> What no one has mentioned is that users absolutely MUST NOT be
> allowed to run losetup (or mount, which would also be

If losetup is setuid you could do the following (untested):

    losetup /dev/loop/0 /etc/shadow

and then

    dd if=/dev/loop/0 of=passwd

Nice. :)

> necessary). It's a file image. It can, for instance, contain
> suid binaries, not owned by the user. That's easy to make -
> see debugfs.
> If you really want to, you could add fstab entries marked
> 'user,nosuid,nodev' at the least, and provide a wrapper for
> losetup. As a whole this is a very bad idea, since access to a
> raw filesystem device often allows for all sorts of system
> corruption.
You need an entry anyway and the problem is the same for floppies or
zip or any other removable medium with an ext2 filesystem on it.

From man mount:

       user   Allow an ordinary user to mount the file
              system. This option implies the options
              noexec, nosuid, and nodev (unless overridden
              by subsequent options, as in the option line
              user,exec,dev,suid).

So user or users is enough. You might want to allow executables
though.
MfG
Goswin
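
The man page rule quoted above depends on option order, so an fstab audit has to apply options left to right. The following is an added example, not part of the original message: it flags user-mountable entries that end up with suid or dev allowed. It also covers owner and group, which imply nosuid and nodev; the sample fstab and all function names are constructed for illustration.

```python
# Added example (not from the original post): audit fstab text for
# user-mountable entries whose option order re-enables suid or dev.

# Options that let an ordinary user mount, and the flags each one implies.
IMPLIED = {
    "user":  ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}

def effective(options):
    """Apply options left to right; later options override earlier ones."""
    state = {"exec": True, "suid": True, "dev": True, "user_mountable": False}
    for opt in (o.strip() for o in options.split(",")):
        if opt in IMPLIED:
            state["user_mountable"] = True
            for flag in IMPLIED[opt]:
                state[flag[2:]] = False      # "nosuid" -> state["suid"] = False
        elif opt == "nouser":
            state["user_mountable"] = False
        elif opt in ("exec", "suid", "dev"):
            state[opt] = True
        elif opt in ("noexec", "nosuid", "nodev"):
            state[opt[2:]] = False
    return state

def audit(fstab_text):
    """Return (mount point, risky flags) for user-mountable entries."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue                          # blank, comment or malformed line
        state = effective(fields[3])
        risky = sorted(f for f in ("suid", "dev") if state[f])
        if state["user_mountable"] and risky:
            findings.append((fields[1], risky))
    return findings

# Constructed sample fstab, not taken from any real system.
SAMPLE_FSTAB = """\
/home/img/disk.img /mnt/img ext2    loop,user,noauto          0 0
/dev/fd0           /floppy  ext2    user,exec,dev,suid,noauto 0 0
/dev/sdb1          /mnt/zip ext2    users,exec,noauto         0 0
/dev/cdrom         /cdrom   iso9660 suid,user,noauto          0 0
/dev/sda1          /        ext4    defaults                  0 1
"""
```

Only the /floppy entry is reported: "users,exec" keeps nosuid and nodev, and "suid,user" is reset by the later user option.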