wnp@mcomp.UUCP (05/24/87)
ncsuvx.UUCP!abc writes:
>In article <600@dutesta.UUCP> mol@dutesta.UUCP (Marcel Mol) writes:
>>	Login as a casual user
>>	unmount the /usr filesystem ('/etc/umount /dev/fd0' if /usr is mounted
>>	on diskdrive 0)
>
>This brings up a point that may have been discussed before, but I don't
>remember it. Why do 'casual users' get to mount and unmount disks?
>This is a major problem with security on big systems, and seems to cause
>more problems than it is worth on even the little ones! Can't we check to
>see if the person is superuser before mount/unmount requests are allowed?
>
>This may cause problems when we are on a floppy only system, but would be
>so much nicer for those of us with hard disks.

Well, what's the problem with the following approach:

1. Make mount & umount executable by root only (chmod will do that)

2. On your hard disk root file system, make an empty directory "/b".

3. In /bin or /usr/bin, create a shell script as follows, writeable only
   by root, but read- & executable by all users, with suid set:

	# mount /dev/fd1 on /b
	/etc/mount /dev/fd1 /b

4. Likewise, create a shell script as follows, same modes & attributes:

	# unmount /dev/fd1
	/etc/umount /dev/fd1

5. Repeat steps 3 & 4 for any other device you want casual users to be
   able to mount/unmount.

6. Finally, once your system is up and using the hard disk either as the
   root filesystem or as /usr, it's not much trouble modifying init to
   look for login on /bin instead of /usr/bin, so that it cannot ever be
   unmounted, even if you left mount/umount unprotected.

Since MINIX is available with well-commented source, all of this really
shouldn't present a problem. If you don't like the way the permissions
are set, change them, and see if that causes any problem. If so, well,
some investigation should let you find the cause, and fix it. After all,
this isn't a closed system!

And never forget that it is not a commercial production operating system,
but a hacker's dream come true: a reasonably complete multiuser,
multitasking o.s. with source, for hardware almost anybody can afford
(even if it requires some scrounging and eating out a few times less!).

-----------------------------------------------------
Wolf N. Paul, 290 Dogwood, Plano, Tx. 75075
UUCP: ihnp4!convex!mcomp!wnp
Phone: (214) 578-8023
W.U.ESL: 6283-2882
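
An added example (not part of the original post or of MINIX): a POSIX shell audit of the permission layout described in steps 1, 3 and 4 above, checking that mount/umount are executable by their owner only and that each wrapper script is setuid, writable by its owner only, and read- and executable by all. The `OWNER` variable, the function names and the wrapper names in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the permission layout from steps 1, 3 and 4.
# OWNER is an assumption: it defaults to root and can be overridden
# for a dry run on scratch files.
OWNER=${OWNER:-root}

# matches FILE FIND-TESTS... : true if FILE satisfies the given find(1) tests
matches() {
    f=$1; shift
    [ -n "$(find "$f" -prune "$@" 2>/dev/null)" ]
}

# Step 1: the mount/umount binary is owned by OWNER and carries no
# group or other execute bit.
root_only_exec() {
    matches "$1" -type f -user "$OWNER" -perm -0100 ! -perm -0010 ! -perm -0001
}

# Steps 3-4: the wrapper is owned by OWNER, setuid, read- and executable
# by all, and not writable by group or other.
wrapper_ok() {
    matches "$1" -type f -user "$OWNER" -perm -4555 ! -perm -0020 ! -perm -0002
}

# audit MOUNT UMOUNT WRAPPER... : report every deviation, return 1 if any
audit() {
    rc=0
    for b in "$1" "$2"; do
        root_only_exec "$b" || { echo "FAIL root-only exec: $b"; rc=1; }
    done
    shift 2
    for w in "$@"; do
        wrapper_ok "$w" || { echo "FAIL wrapper modes: $w"; rc=1; }
    done
    return $rc
}

# Usage (wrapper names are hypothetical; the post does not name them):
#   audit /etc/mount /etc/umount /bin/mountb /bin/umountb
```

The audit inspects ownership and mode bits only. Whether the setuid bit on a shell script takes effect depends on the system; Linux, for example, ignores it for interpreted scripts.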