Once again, this net is great!
Thanks to everyone who replied. I got more than 3 requests for a summary so
here it is.
This is my original question:
> Hi,
>
> I saw floating on this net around a month ago messages concerning the problem
> of root privilege required to mount and dismount the floppy drive on a
> Sparcstation2. I didn't see any summary ( or maybe I missed it !). Is
> there a work around? Thanks ahead of time for any assistance. Please mail
> replies directly to me and I will post summary if there is large demand for
> one. Thanks again!
>
> Huong (hton@bbn.com)
**From a SUN Hotline support person
Put any entry in the fstab for the floppy device so that it will be
automatically mounted when the system boots. Then anyone can write/eject
the floppy( gotta make sure you have YOUR floppy in the drive )
without root privelege. The man page for eject does NOT recommend you
eject any filesystem that is mounted however.
**From Wilhelm Methfessel meth%uebemc@ztivax.siemens.com
I made two small programs, that execv the mount/umount command.
These programs are installed with SUID root. The source of one of them
is included, the second is very! similar :-)
#------------------------------------
#include <stdio.h>
char path[] = "/usr/etc/mount";
char *argv[3];
char arg0[] = "mount";
char arg1[] = "/pcfs";
main()
{
argv[0] = arg0;
argv[1] = arg1;
argv[2] = NULL;
execv(path,argv);
}
#----------------------------------
If anybody sees security holes in my solution I would like to hear about them.
Wilhelm Methfessel UUCP: uunet|mcsun!unido!ztivax!uebemc!meth
Siemens AG, UEB EMC 41 meth%uebemc@ztivax.UUCP
Hofmannstrasse 51 Internet: meth%uebemc@ztivax.siemens.com
8000 Muenchen 70 Phone: +49 89 722 42351
**From Sven Ole Skrivervik svenole@sdata.no
Write a small program that calls mount and another that calls umount.
Make them suid to root. Just make sure that users know about the problems
they are causing if they ejects the floppy before umounting. Here's the
program that mounts the floppy. Remember that the floppy needs to be a
dos floppy:
anda% more pcm.c
#include <stdio.h>
main()
{
int test;
switch (fork()){
case -1:
printf("ERROR\n");
case 0:
execl("/usr/etc/mount","mount","-t","pcfs",
"/pcfs",NULL);
default:
wait();
}
}
anda%
Rgds.
----
Sven Ole Skrivervik ######### Skrivervik Data A/S
Manager Software Support ## Peter M|llers Veg 12
email: svenole@sdata.no ## ##### Box 123, Refstad
##### ## 0513 OSLO 5
Dir. dial: +47 2 152900 (262) ## Tlf: +47 2 156393
######### Fax: +47 2 220326
**From Darcy Barnett pdb@laurel.cam.nist.gov
Use a script like this:
#! /bin/csh -b
# pdb 910416
#
/usr/etc/mount -t pcfs -o rw /dev/fd0 /pcfs
exit
or a csh program like this:
/* program to mount floppy disk to avoid setuid script
P.D. Barnett
910510
*/
main()
{
int status;
status=system("/usr/etc/mount -t pcfs -o rw /dev/fd0 /pcfs");
}
But be sure to:
chmod 6755 mount-fd
chown root mount-fd
And put the mount-fd script or compiled program in a directory
on the user's path such as /usr/local/bin at our site.
**From Lars Nilsson etxsral@california.ericsson.se
Hi
I think that it would be possible to create two special users with
uid 0 or 1 and use the proper mount / umount commands as the shell.
An example on this is the sync user.
I have done similar for the halt command so that the user with a
diskfull WS can do a proper power-down without needing to know the
root-password.
/Lars Nilsson
--
Lars Nilsson
Ericsson Telecom AB , Stockholm - Sweden
E-mail: etxsral@california.ericsson.se
Fidonet: Lars Nilsson @ 2:201/108.7
**From Anthony A. Datri datri@concave.convex.com
People supplied various scripts and peices of code. Personally, I'd
just turn the suid bit on on the mount binary.
Fly to the sky on GI-GI____________ and shout to
datri@convex.com
**From Jim Napier napier@ames.ucsd.edu, jnapier@ucsd.edu, ...!ucsd!jnapier
At a Sun product conference I went to just yesterday they mentioned this
problem and the only workaround they talked about was a third party software
package that allows you to do this without root priviledges. I don't remember
the name but I can find out if you're interested.
Jim Napier
Programmer/Analyst
Applied Mechanics & Engineering Sciences Dept.
U.C. San Diego
(619)534-5414
napier@ames.ucsd.edu, jnapier@ucsd.edu, ...!ucsd!jnapier
**From Emmett Hogan
I have written a PERL script to mount/eject floppies and cd's as a
normal user. It will mount UNIX floppies, DOS floppies (if you have
SunOS 4.1.1) and SUN cd's (hs file system). It will also format the
DOS floppies and place a file system on the UNIX floppies if they
don't already have one. To use it you need perl, plus a perl program
from the nutshell book which builds a setuid C wrapper for the perl
script. I am writing up a man page/README for it today and plan to
post it to comp.sources.perl and comp.sources.misc soon...if you like
I can send you a copy to test out for me.
-Emmett
-------------------------------------------------------------------
Emmett Hogan Computer Science Lab, SRI International
Inet: hogan@csl.sri.com
UUCP: {ames, decwrl, pyramid, sun}!fernwood!hercules!hogan
USMAIL: EL231, 333 Ravenswood Ave, Menlo Park, CA 94025
PacBell: (415)859-3232 (voice), (415)859-2844 (fax)
ICBM: 37d 27' 14" North, 122d 10' 52" West
-------------------------------------------------------------------
**From Brian Smith brsmith@cs.umn.edu
On titan.rice.edu, there is a program called "fdmount". It must be
installed set-uid root (so you do need root permissions at least
once), but then can be run by any user to mount a floppy.
To unmount and eject the floppy, just use the SunOS eject command. If
you're running SunOS 4.1 or higher, you will have to make eject
set-uid root first. 'eject' contains the necessary code to unmount
the disk, but Sun evidently considered it a security risk.
fdmount was written under SunOS 4.0.3, and hasn't been updated to
4.1.1, but it *should* work. It will only mount the disk as a Unix
filesystem, however. You'd have to modify it to mount MS-DOS disks.
I really should get around to re-writing it one of these days...
--
Brian
brsmith@cs.umn.edu
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:13 CDT