Re: Removable media security in FreeBSD

From: Jason Stone (freebsd-security_at_dfmm.org)
Date: 06/10/03

  • Next message: Zvezdan Petkovic: "Re: Removable media security in FreeBSD"

    Date: Mon, 9 Jun 2003 16:40:15 -0700 (PDT)
    To: <security@freebsd.org>


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > Allowing the user to use sudo would effectively be giving him/her root
    > privileges, which we explicitly don't want to do.

    You understand that sudo allows the user to only run a particular command
    with particular arguments as root, right? You also understand that you're
    asking, at a fundamental level, to allow the user to perform privileged
    operations, right?

    > If the desktop manager can be set up to change ownerships, etc., upon
    > login, it would help.

    Yes, this can be done, and by default xdm/gdm/kdm all chown /dev/console
    to the user logging in. So a super-easy but somewhat inflexible solution
    would be to just modify the xdm/kdm startup scripts to chown /mnt/floppy
    to the user, set it 0700 and mount it at login time, and then umount and
    chown back to root at logout time.

    As for allowing the user to mount stuff on demand in the middle of a
    session, that will be more complicated. If I had to do it, I think I
    might have a setuid c program that checked to see if the invoking user
    owned the console and then ran the appropriate mount command. If you have
    one such program per mountable device, you wouldn't even have to check the
    commandline or environment. I haven't fully thought this through yet, so
    there might be some problem with it.

    rwatson, of course, points out the real security consideration -
    regardless of how you deal with the essentially quotidian details of
    letting users "safely" run a privileged command, allowing users to mount
    filesystems at will is inherently dangerous, as there's an extent to which
    the kernel trusts the contents of the filesystem. By specially crafting
    the contents of the floppy, the user has the ability to directly insert
    potentially malicious data into certain kernel data structures.

    On more than one occasion, I've crashed FreeBSD 3.x and 4.x boxes by
    trying to work with corrupted msdos floppy images - clearly, the msdos fs
    implementation is not (or at least was not - I haven't looked at it
    recently) very careful, and it's not at all unreasonable to think that
    someone could exploit this.

     -Jason

     --------------------------------------------------------------------------
     Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
     that he was insufficiently fondled when he was an infant.
            -- Ashley Montagu

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (FreeBSD)
    Comment: See https://private.idealab.com/public/jason/jason.gpg

    iD4DBQE+5RrgswXMWWtptckRAmPjAJdGxq674DPsZfxlk2QuLku3QjTUAJ9AJ0LU
    qoirX4LftzTdjP973kzGGA==
    =VshS
    -----END PGP SIGNATURE-----

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

