Re: mtools

[bhmit1@mail.wm.edu]

On 30 Jan 1998, Martin Bialasinski wrote:

> Jarkko Niemi <jin@jin.pp.sci.fi> writes:
> 
> > chmod 666 /dev/fd0
> > that maked the trick
> 
> This is a BAD THING(tm). Especially if you are somehow connected to other
> computers.

Agreed, the correct solution is to add yourself to the floppy group.  This
way only a few people can access the disk, that you hopefully trust.
There's also a way to make the people who have logged into the console
part of this group, but is considered insecure because if you can get
access to the console, you can create some sgid binaries to allow you
remote access to the drive.  I think this is stupid thinking because
anyone with console access and malicious intent can do just about
anything.

> Better use the way I described in a posting some days ago.

If the mount method is set up right, I think our two methods are
equivalent.  You could even remove raw access to the drive in my method
(requiring a sgid binary, or maybe make a floppy uid), but then you can't
make a quick tar archive or copy a kernel to a floppy to make it bootable.

HTH,
Brandon

-----
Brandon Mitchell <bhmit1@mail.wm.edu>   "We all know linux is great... it
PGP: finger -l bhmit1@cs.wm.edu          does infinite loops in 5 seconds"
Phone: (757) 221-4847                      --Linus Torvalds


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .