achille@cernvax.UUCP (achille) (11/29/88)
Hi, I've noticed a difference between the 5.3 and the BSD environments under SR10.

To mount something under SYS5.3, apparently you must be root (as stated in the man page), even if you mount an nfs file system; under bsd4.3, instead, you can mount, at least nfs file systems, without being root.

Is that a 'feature' or what?

If we agree that mount is dangerous for security, then it must only work for root, otherwise it should be open to anyone, independently of the environment you are running in. Any idea/comment/explanation?

Achille Petrilli
Cray & PWS Operations

mike@apollo.COM (Michael Schloss) (12/13/88)
In article <887@cernvax.UUCP> achille@cernvax.UUCP () writes:
>Hi, I've noticed a difference between the 5.3 and the BSD environments
>under SR10.
>To mount something under SYS5.3, apparently you must be root (as stated in
>the man page), even if you mount an nfs file system; under bsd4.3, instead, you
>can mount, at least nfs file systems, without being root.
>Is that a 'feature' or what?
>If we agree that mount is dangerous for security, then it must only work for
>root, otherwise it should be open to anyone, independently of the environment
>you are running in. Any idea/comment/explanation?
>
>Achille Petrilli
>Cray & PWS Operations

Hi. I'm the Apollo engineer that worked on UNIX mount for SR10, so I can probably best answer your question.

To put it as simply as possible, it is a compromise between our need to be System V compliant and our need to best support our users in a workstation environment. The System V Validation Suite (SVVS) requires that the SYSV mount call fail for non-root users. This had to be balanced against the fact that current users of our workstations use floppies and we couldn't just break their applications.

The reason that the BSD mount doesn't check for root privileges is that we are not required by contract to do this. There is no real security loss here because a user is able to mount a filesystem using the AEGIS command mtvol without root/locksmith privileges.

One idea we are looking at is a restricted mount (all setuid turned off), but this would be part of a future release when we address other security issues.

Mike Schloss
mike@apollo.com