Re: Mounting of removable media - security problem ?
On Mon, 6 Oct 1997, Wojciech Zabolotny wrote:
> Hello all!
> Last time I discovered, that when I added "user" option in /etc/fstab for
> floppies and zips, it is possible for everybody having account on my box
> to read, write and delete files on my removable disk (floppy or zip).
> When one user (lets call him "A") mounts the floppy, he becomes the owner
> of its filesystem, but if he does not use it temporarily, another user
> ("B") can unmount it, and then mount again. In this way user "B" may get
> full access to someone's else disk! =:-<
> I would like to configure my system in that way, that only user working
> on the virtual console may mount and unmount removeable media. (I think it
> is the best solution, because he must anyway access the computer to insert
> the disk).
> However I didn't see any appropriate options in the documentation of
> "mount" or "fstab".
> Now I'm thinking about writing a special root-suided application, which
> will check if the user which is executing it has logged in from the
> virtual console, then will mount the removable disk, and pass its
> ownership to the user...
> Is it really the only solution of above problem?
There already is a solution to this. There is a group named 'floppy' you
can use for this. If only users that are in the 'floppy' group (and root)
can (u)mount the floppy device and only users that are logged in at the
console are in group 'floppy', I think your problem is solved.
Here is how to do this:
In /etc/login.defs, add the group 'floppy' to the value of the
'CONSOLE_GROUPS' variable. I think it is there by default, but I am not
sure. Now, execute these commands as root:
# cd /dev
# chown root.floppy fd*
# chmod 660 fd*
Now, if somebody logs in at the console he/she is in group 'floppy' (check
this with the 'groups' command) and a user that is not logged in from the
console has no access to the floppy drive (check this, too).
> Last time I've read the discussion about "sticky bit". Does setting of
> this bit for mount point may help? If I understood this discussion,
> setting of this bit should block the posibility of unmounting and remounting
> of someone else's filesystem.
I believe the permissions of the mount point are ignored after something
has been mounted.
> But anyway it does not eliminate the problem completely.
> I can imagine such paranoic situation, that someone runs in the
> background a script, which is trying every second to mount the floppy or
> zip. In this case he will become the owner of this disk before the man who
> inserted it will be able to mount it.
You will definately notice it if someone want to mount a floppy when there
is no floppy in the drive (look at the logfiles).
> So the only acceptable solution is to require that mounting of
> removable media is allowed only for users working on the virtual console
> (and root of course!!!).
I think I just gave you the solution.
On my own system, I have done similar things for the sound devices, the
cdrom drive and several other things.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .